The National Information Technology Development Agency (NITDA) has alerted Nigerian website owners to a serious security vulnerability in the Jupiter X Core WordPress plugin.
Disclosing this on its official X account, NITDA identified the flaw as CVE-2025-0366, a high-risk vulnerability that could allow attackers to take over affected websites without authentication. The agency, citing a security advisory from the Computer Emergency Readiness and Response Team Nigeria (CERNT.NG), described it as an “unauthenticated privilege escalation vulnerability,” meaning hackers could gain administrative control or execute arbitrary code on compromised sites.If exploited, the vulnerability could allow attackers to:
- Modify or delete website content.
- Inject malware to infect site visitors.
- Steal sensitive data such as customer information and login credentials.
- Redirect users to phishing websites.
How to Protect Your Website:
To mitigate the risk, CERNT.NG advises website administrators and business owners to take immediate action:
- Update the Plugin: The issue has been fixed in Jupiter X Core 4.8.8. Website owners should update to this latest version immediately.
- Remove Unused Plugins: Outdated or inactive plugins can be a security risk. Administrators should delete any that are no longer necessary.
- Monitor for Unauthorized Access: Regularly check for suspicious admin accounts or unexpected website changes. If found, revoke access and reset all passwords.
- Enable Strong Authentication: Implement two-factor authentication (2FA) for website administrators and enforce strong, unique passwords.
Many Nigerian businesses rely on WordPress-powered websites for e-commerce, customer engagement, and financial transactions. A security breach could result in financial losses, legal consequences from data breaches, reputational damage, and business downtime due to site defacement or malware infection.
NITDA urges website owners to act swiftly to secure their platforms and protect their users from potential cyber threats.
