Critical Vulnerability Discovered in Jupiter X Core WordPress Plugin
A critical security flaw, identified as CVE-2025-0366, has been found in the Jupiter X Core WordPress plugin, which is actively used on over 90,000 websites. The vulnerability allows authenticated attackers with contributor-level access to execute remote code through a combination of Local File Inclusion (LFI) and the uploading of malicious SVG files.
Key details of the vulnerability and its resolution:

Discovery and Bounty: Researcher stealthcopter discovered the vulnerability through the Wordfence Bug Bounty Program, receiving a reward of $782. The Wordfence Bug Bounty Program has resolved over 1,200 vulnerabilities since 2022.

Technical Breakdown: The vulnerability involves unrestricted SVG uploads and Local
