The National Information Technology Development Agency (NITDA) has alerted Nigerian website owners to a serious security flaw in the Jupiter X Core plugin for WordPress. The vulnerability, identified as CVE-2025-0366, could allow attackers to take control of affected websites without authentication.
NITDA issued the warning on its official X account, citing a security advisory from the Computer Emergency Readiness and Response Team Nigeria (CERRT.NG). The advisory describes the flaw as an “unauthenticated privilege escalation vulnerability,” enabling attackers to gain admin access or execute arbitrary code on compromised websites.
How This Affects Nigerian Websites
If exploited, this vulnerability could allow attackers to:
– Modify or delete website content.
– Inject malware that infects website visitors.
– Steal customer data and login credentials.
– Redirect users to phishing sites.
Steps to Protect Your Website
CERRT.NG has advised website administrators to take the following actions immediately:
1. Update the Plugin – The issue has been fixed in Jupiter X Core 4.8.8. Website owners should update to the latest version through their WordPress dashboard.
2. Remove Unused Plugins – Outdated or inactive plugins can be exploited. Conduct an audit and remove unnecessary plugins.
3. Monitor for Unauthorized Access – Regularly check for unknown admin accounts or suspicious changes. Revoke unauthorized access and reset passwords.
4. Use Strong Authentication – Enable two-factor authentication (2FA) for added security and use strong, unique passwords.
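Steps 1 to 3 can be checked from the command line. The script below is an added example, not part of the advisory: it compares the installed plugin version against the fixed release 4.8.8, lists inactive plugins, and flags administrator accounts that are not on an allowlist. It assumes WP-CLI (`wp`) is installed and run from the WordPress root, and that the plugin slug is `jupiterx-core`; the `KNOWN_ADMINS` variable and the `--run` argument are hypothetical names chosen for this example.

```bash
#!/usr/bin/env bash
# Added example: audit one WordPress install against the advisory's steps 1-3.
FIXED_VERSION="4.8.8"              # fixed release named in the advisory
PLUGIN_SLUG="jupiterx-core"        # assumed plugin slug
KNOWN_ADMINS="${KNOWN_ADMINS:-}"   # hypothetical: space-separated expected admin logins

# Return 0 if version $1 is strictly older than version $2 (needs sort -V).
version_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# Classify an installed version string: not-installed, vulnerable or patched.
plugin_status() {
  if [ -z "$1" ]; then echo "not-installed"
  elif version_lt "$1" "$FIXED_VERSION"; then echo "vulnerable"
  else echo "patched"
  fi
}

# Print admins that are not on the allowlist.
# $1 = CSV with header "user_login,user_registered", $2 = allowlist.
unknown_admins() {
  printf '%s\n' "$1" | tail -n +2 | while IFS=, read -r login registered; do
    if [ -n "$login" ]; then
      case " $2 " in
        *" $login "*) ;;                                # expected account
        *) echo "$login (registered $registered)" ;;    # needs review
      esac
    fi
  done
}

audit() {
  ver="$(wp plugin get "$PLUGIN_SLUG" --field=version 2>/dev/null)"
  echo "Jupiter X Core: $(plugin_status "$ver") (installed: ${ver:-none})"
  echo "Inactive plugins to review for removal:"
  wp plugin list --status=inactive --field=name
  echo "Administrator accounts not on the allowlist:"
  unknown_admins "$(wp user list --role=administrator \
    --fields=user_login,user_registered --format=csv)" "$KNOWN_ADMINS"
}

# Only touch the site when asked to and when WP-CLI is present.
if [ "${1:-}" = "--run" ] && command -v wp >/dev/null 2>&1; then
  audit
fi
```

A "vulnerable" result is resolved with `wp plugin update jupiterx-core`; any account the script flags should be verified with its owner before it is revoked.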
Many Nigerian businesses rely on WordPress for e-commerce, customer engagement, and transactions. A security breach could lead to financial losses, legal issues, loss of customer trust, and website downtime.
“This poses a significant risk to website owners, especially those handling sensitive user data,” NITDA warned.
Website owners are urged to act quickly to prevent exploitation and protect their online assets from potential cyberattacks.