A critical vulnerability (CVE-2025-0366) in the Jupiter X Core WordPress plugin, actively installed on over 90,000 websites, was disclosed on January 6, 2025. The flaw enables authenticated attackers with contributor-level privileges to execute remote code via chained Local File Inclusion (LFI) and malicious SVG uploads. Discovered by researcher stealthcopter through the Wordfence Bug Bounty Program, the vulnerability […]
The post 90,000 WordPress Sites Exposed to Local File Inclusion Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
This article has been indexed from GBHackers Security | #1 Globally Trusted Cyber Security News Platform