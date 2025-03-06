The National Information Technology Development Agency (NITDA) has issued a warning to Nigerian website owners about a newly discovered security vulnerability in the Jupiter X Core plugin for WordPress.

This was disclosed by the agency on its official x account.

The vulnerability, identified as CVE-2025-0366, poses a significant cybersecurity risk, potentially allowing attackers to take control of affected websites without authentication.

According to the agency, a security advisory from the Computer Emergency Readiness and Response Team Nigeria (CERNT.NG) noted that the flaw is an “unauthenticated privilege escalation vulnerability,” meaning attackers can gain administrative access or execute arbitrary code on websites using this plugin.

“A critical security flaw has been discovered in the Jupiter X Core plugin for WordPress, affecting websites using this popular theme framework,” the statement said

How this vulnerability affects Nigerian websites

The impact of this security flaw is far-reaching. If exploited, attackers can gain complete control over affected WordPress sites, allowing them to:

Modify or delete website content

Inject malware that can infect users visiting the website

Steal sensitive information such as customer data and login credentials

Redirect users to phishing websites

Steps to mitigate the security risk

To prevent exploitation of the vulnerability, CERNT.NG has outlined four key steps that website administrators and business owners should take immediately:

1. Update to the latest version

The vulnerability has been fixed in the latest patched version of the plugin, Jupiter X Core 4.8.8. Website owners should check their WordPress dashboard and update the plugin immediately.

2. Remove outdated or unused plugins

Unused or old plugins are a common security risk, as attackers can exploit known vulnerabilities. Administrators should conduct an audit of all installed plugins and remove any that are no longer needed.

3. Monitor for unauthorized access

Regularly check for unauthorized admin accounts or unexpected changes in website settings. If unknown accounts are found, revoke their access and reset all passwords.

4. Use strong authentication methods

Enable two-factor authentication (2FA) for website admins and users to add an extra layer of security. Use strong, unique passwords for all administrator accounts.

Why this matters for Nigerian businesses

Many Nigerian businesses rely on WordPress-powered websites for e-commerce, customer engagement, and online transactions.

“This poses a significant risk to website owners, especially those handling sensitive user data,” they said.

A security breach could lead to financial losses from fraudulent transactions, legal consequences if customer data is stolen, loss of trust from customers and partners, and business downtime due to site defacement or malware infections.