Attention WordPress website owners using the JupiterX Core plugin: A high-severity Arbitrary File Download vulnerability has been identified, posing significant risks to WordPress security and potentially exposing your website to malware threats.

The security flaw was discovered and responsibly reported by Lana Codes, underlining the crucial role played by security researchers in ensuring a secure WordPress environment.

The vulnerability lies in the JupiterX Core Plugin, where attackers could exploit the flaw to download any file from your website. This includes sensitive files containing login credentials or backup files, raising serious concerns about data security.


The vulnerability has a CVSS 3.1 score of 7.5, which is considered to be high severity. This means that the vulnerability is very likely to be exploited and could have a significant impact on the affected system.

Affected Versions:

As of now, no patched version is available to address the vulnerability, leaving websites using the JupiterX Core Plugin vulnerable to potential attacks.


If exploited, malicious actors could gain unauthorized access to sensitive files on your website, potentially compromising login credentials, critical data, or backup files. This exposes websites to the risk of malware infection and unauthorized data access.


Given the high severity of this vulnerability and the unavailability of a patched version, immediate action is essential to safeguard your WordPress website:

  1. Disable the JupiterX Core Plugin: As an immediate measure, disable the plugin to mitigate the risk of exploitation. This will prevent attackers from downloading sensitive files from websites.
  2. Monitor for Updates: Stay vigilant for any updates or communications from the JupiterX Core Plugin developers regarding a potential fix. Regularly check for plugin updates once a patched version becomes available.
  3. Consult Security Experts: Seek advice from WordPress security experts or developers to assess the potential impact on a website and implement additional security measures.
  4. Backup Your Website: Regularly back up the website to ensure that critical data is protected. In the event of a security incident, having a recent backup can help restore the website to a secure state.