Cyber Security Threat Summary:
WordPress security company Patchstack discovered two critical vulnerabilities affecting Jupiter X Core, a premium visual editor plugin for setting up Wordpress and WooCommerce websites. The first flaw tracked as CVE-2023-38388, allows unauthenticated threat actors to upload files, which could lead to arbitrary code execution on the server. “CVE-2023-38388 can be exploited because there are no authentication checks within the plugin's 'upload_files' function, which can be called from the front end by anyone. The vendor's patch adds a check for the function and also activates a second check to prevent uploading risky file types” (Bleeping Computer, 2023).

The second flaw tracked as CVE-2023-38389 (CVSS score: 9.8), allows attackers to control any WordPress user account without authentication, given that the email address associated with the account is known. According to security analyst Rafie Muhammad, the vulnerability resides in the 'ajax_handler' function in the Facebook login process of the plugin. In particular, this function would allow an unauthenticated user to set any WordPress user’s 'social-media-user-facebook-id' meta with any value through the 'set_user_facebook_id' function. With this meta value being used to authenticate users in WordPress, attackers can abuse it to authenticate as any registered user on the site, including admins, given that the email address is known.

Security Officer Comments:
CVE-2023-38388 impacts all JupiterX Core versions starting 3.3.5 and below and was fixed with the release of version 3.3.8. As for CVE-2023-38389, the flaw impacts all versions of Jupiter X Core starting from 3.3.8 and below and was fixed in version 3.4.3. No details of active exploitation regarding these flaws were mentioned. However given Jupiter X Core is used by over 172,000 websites, it won’t be long before actors abuse their flaws in potential attacks.

Suggested Correction(s):
Administrators of content management sites like WordPress should periodically ensure that their plugins and site themes are up to date, whenever new patches are released, as threat actors can exploit them for initial compromise. Making sure a strong password policy is in place and that two-factor authentication is enabled, can be crucial in preventing attackers from compromising site accounts.

Link(s):
https://www.bleepingcomputer.com/