NITDA Warns Nigerian Website Owners About Critical Security Flaw in Jupiter X Core WordPress Plugin
The National Information Technology Development Agency
(NITDA) has issued a cybersecurity warning to Nigerian website owners regarding
a severe security vulnerability in the widely used Jupiter X Core WordPress
plugin.
In an announcement via its official X account, NITDA
urged website administrators to take immediate action to safeguard their sites
from potential cyber threats. The vulnerability, labeled CVE-2025-0366,
has been classified as an "unauthenticated privilege escalation
vulnerability," which could put numerous WordPress-powered sites at risk.
Details of the Vulnerability
According to NITDA, the warning is based on findings
from the Computer Emergency Readiness and Response Team Nigeria (CERNT.NG),
a division under the agency. The flaw allows cybercriminals to bypass
authentication systems and gain administrator access to affected websites. This
security breach could enable attackers to execute malicious code, effectively
taking full control of compromised platforms.
"A critical security issue has been identified in
the Jupiter X Core plugin for WordPress, impacting websites using this popular
theme framework," NITDA stated.
The Scope of the Threat
The Jupiter X Core plugin, which is an essential part
of the Jupiter X theme framework, is used by over 90,000 WordPress users
globally, with a significant presence in Nigeria. Although a security patch was
introduced earlier this year, many website owners may still be using outdated
versions, leaving their platforms vulnerable to exploitation.
If left unpatched, the flaw could allow hackers to:
For Nigerian businesses, particularly those that rely
on WordPress for e-commerce, customer engagement, and online transactions, this
vulnerability poses a substantial risk.
“This is a serious threat to website owners,
especially those handling user data,” NITDA warned, highlighting potential
financial losses, legal consequences, and reputational damage.
How to Protect Your Website
In response to the security threat, CERNT.NG
has provided four key steps for website administrators to enhance protection:
1. Update to Jupiter X Core 4.8.8 – The plugin’s developers have released a
patched version (4.8.8) that addresses the vulnerability. Website owners should
update their plugin immediately through the WordPress dashboard.
2. Remove Unused Plugins – Inactive or outdated plugins can serve as entry
points for hackers. Site administrators should review and delete any plugins
that are no longer in use.
3. Monitor for Unusual Activity – Regularly check admin accounts and website
settings for unauthorized changes. If suspicious activity is detected, revoke
access immediately and reset all passwords.
4. Strengthen Authentication – Implementing two-factor authentication (2FA) and
enforcing strong, unique passwords for all users can provide an additional
layer of security.
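One way to turn steps 1 to 3 into a repeatable check, as an added example that is not part of the NITDA or CERNT.NG advisory: the script audits JSON exported with WP-CLI (`wp plugin list --format=json` and `wp user list --role=administrator --format=json`). The plugin slug `jupiterx-core`, the 30-day review window and the sample data are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timedelta

PATCHED = (4, 8, 8)       # fixed version named in the advisory
SLUG = "jupiterx-core"    # assumed plugin slug; confirm it on your own site

def parse_version(text):
    """Turn '4.8.7' into (4, 8, 7); non-numeric parts count as 0."""
    parts = [int(p) if p.isdigit() else 0 for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def audit(plugins_json, admins_json, now, recent_days=30):
    """Return findings for steps 1-3: outdated plugin, unused plugins, new admins."""
    findings = []
    for p in json.loads(plugins_json):
        if p["name"] == SLUG and parse_version(p["version"]) < PATCHED:
            findings.append(f"UPDATE {SLUG} {p['version']} -> 4.8.8")
        if p["status"] == "inactive":
            findings.append(f"REMOVE unused plugin {p['name']}")
    cutoff = now - timedelta(days=recent_days)
    for u in json.loads(admins_json):
        created = datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S")
        if created >= cutoff:  # admin account created inside the review window
            findings.append(f"REVIEW new admin {u['user_login']} ({u['user_registered']})")
    return findings

# Constructed sample data in the shape WP-CLI emits with --format=json.
SAMPLE_PLUGINS = json.dumps([
    {"name": "jupiterx-core", "status": "active", "version": "4.8.7"},
    {"name": "hello-dolly", "status": "inactive", "version": "1.7.2"},
    {"name": "akismet", "status": "active", "version": "5.3"},
])
SAMPLE_ADMINS = json.dumps([
    {"user_login": "siteowner", "user_registered": "2021-06-14 09:12:00"},
    {"user_login": "wpsupport_tmp", "user_registered": "2025-02-20 03:41:07"},
])

if __name__ == "__main__":
    for line in audit(SAMPLE_PLUGINS, SAMPLE_ADMINS, datetime(2025, 3, 1)):
        print(line)
```

An administrator account flagged for review is not proof of compromise; it is a prompt to confirm who created it and when.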
Why This Matters for Nigerian Businesses
WordPress powers approximately 40% of websites
worldwide, and its widespread adoption extends to Nigeria, where many small
and medium-sized businesses (SMEs) use the platform for online operations. From
e-commerce stores to informational websites, WordPress is a vital tool for
digital growth.
However, this popularity also makes WordPress sites a
primary target for cybercriminals looking to exploit vulnerabilities like CVE-2025-0366.
If attackers successfully breach a website, the
consequences could be severe. Malware infections may disrupt business
operations, stolen customer data could lead to legal action under Nigeria’s Data
Protection Regulation (NDPR), and reputational damage could result in lost
customer trust.
This warning comes at a time when cybersecurity
threats in Nigeria are rising. As digital adoption accelerates,
cyberattacks—including phishing scams, ransomware, and fraud—have become more
prevalent, targeting both public and private institutions.
NITDA urges website owners to prioritize security
measures and remain vigilant to protect their online assets from emerging cyber
threats.