The National Information Technology Development Agency (NITDA) has issued an urgent warning to Nigerian website owners about a critical security vulnerability affecting the Jupiter X Core plugin for WordPress. This flaw, identified as CVE-2025-0366, could allow hackers to take full control of websites using the plugin, potentially leading to severe consequences for businesses and users.
In a statement shared via its official social media account, NITDA highlighted that the vulnerability is classified as an “unauthenticated privilege escalation” issue. This means attackers can exploit the flaw without needing login credentials, enabling them to gain administrative access or execute harmful code on affected websites.
How the Vulnerability Impacts Websites
The implications of this security flaw are far-reaching. If exploited, attackers could:
Modify or delete website content.
Inject malware that spreads to users visiting the site.
Steal sensitive information, including customer data and login credentials.
Redirect visitors to phishing websites designed to steal personal information.
For Nigerian businesses that rely heavily on WordPress for e-commerce, customer engagement, and other online services, the risks are particularly alarming. A successful attack could result in financial losses, reputational damage, legal consequences from data breaches, and operational downtime.
Steps to Protect Your Website
To address this threat, NITDA’s advisory—issued in collaboration with the Computer Emergency Readiness and Response Team Nigeria (CERNT.NG)—recommends immediate action. Website administrators and business owners should:
Update the Plugin: The vulnerability has been fixed in the latest version of Jupiter X Core (4.8.8). Website owners should update their plugin through their WordPress dashboard immediately.
Remove Unused Plugins: Outdated or unused plugins are common entry points for hackers. Conduct a thorough audit and uninstall any unnecessary plugins.
Monitor for Unauthorized Access: Regularly check for unknown admin accounts or unexpected changes to website settings. If suspicious activity is detected, revoke access and reset all passwords.
Enable Strong Authentication: Implement two-factor authentication (2FA) for all admin accounts and ensure passwords are strong and unique.
Why This Matters for Nigerian Businesses
WordPress powers a significant portion of websites in Nigeria, including those used for online transactions and customer interactions. A breach caused by this vulnerability could lead to stolen customer data, fraudulent transactions, loss of trust from clients and partners, and even legal repercussions.
“This poses a significant risk to website owners, especially those handling sensitive user data,” NITDA stated.
By taking swift action to secure their websites, businesses can protect themselves from potential attacks while safeguarding their customers’ trust and data.
