Researchers discovered a significant privilege escalation flaw in two themes used by over 90,000 WordPress sites that could allow threat actors to take complete control of the sites.
In a blog post published Wednesday, Wordfence Threat Intelligence Team researcher Ramuel Gall highlighted the issue, which was one of five he uncovered in the Jupiter and JupiterX Premium WordPress themes between early April and early May.
According to the researchers, one of the flaws, CVE-2022-1654, is a critical vulnerability that allows “any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges and completely take over any site running either the Jupiter Theme or JupiterX Core Plugin.”
Read More: https://threatpost.com/vulnerability-wordpress-themes-site-takeover/179672/