Two vulnerabilities affecting some version of Jupiter X Core, a premium plugin for setting up WordPress and WooCommerce websites, allow hijacking accounts and uploading files without authentication.
Jupiter X Core is an easy-to-use yet powerful visual editor, part of the Jupiter X theme, which is used in over 172,000 websites.
Rafie Muhammad, an analyst at WordPress security company Patchstack, discovered the two critical vulnerabilities and reported them to ArtBee, the developer of Jupiter X Core, who addressed the issues earlier this month.
![[correlate]](/data/avatars/m/79/79653.jpg?1556985072){kind=avatar}
