
Nigerian website owners have been warned to be alert to security vulnerabilities in WordPress’s Jupiter X core plugin.
The warning was released Wednesday by the National Information Technology Development Agency (NITDA) through its official X account.
According to the agency, the vulnerability identified as CVE-2025-0366 poses a significant cybersecurity risk, potentially allowing attackers to control affected websites without authentication.
Security advisors from the Computer Emergency Ready and Response Team Nigeria (Cernt.ng) noted that the flaw is an “undefined privilege escalation vulnerability”, which means that attackers can use this plugin to gain administrative access on the website or execute arbitrary code.
“A critical security vulnerability was found in the Jupiter X Core plugin for WordPress, using this popular theme framework to affect the website,” the statement said.