The vulnerability, identified as CVE-2025-0366, is a threat to websites using this popular theme framework, which could allow cybercriminals to take full control of affected sites.

According to the advisory, the security flaw is categorised as an unauthenticated privilege escalation vulnerability. This means that attackers can exploit the flaw to execute arbitrary code or gain administrative access without needing authentication credentials.

Such vulnerabilities are particularly dangerous because they grant attackers unrestricted control over a compromised website.

If exploited, cybercriminals could:

• Gain full control over affected WordPress sites
• Modify or delete website content
• Inject malware or malicious scripts
• Deface websites or redirect traffic
• Steal sensitive user data

With many businesses, organisations, and individuals relying on WordPress, the impact of this vulnerability could be severe, particularly for website owners handling sensitive customer information.

Recommended Actions for Website Owners

To mitigate the risk posed by this vulnerability, NITDA has outlined the following precautionary measures:

1. Update the Plugin: Website administrators should immediately update the Jupiter X Core plugin to the latest patched version 4.8.8.
2. Remove Unused or Outdated Plugins: Unused or obsolete plugins should be deleted to reduce potential attack surfaces.
3. Monitor for Unauthorised Access: Regularly check for suspicious admin accounts or unexpected changes in website content.
4. Implement Strong Authentication Measures: Enforce strong passwords, two-factor authentication (2FA), and role-based access controls to improve security.

Cyber threats targeting WordPress plugins are currently increasing and security experts have frequently warned that outdated or poorly maintained plugins are a leading entry point for hackers.

With WordPress powering over 40% of all websites globally, vulnerabilities in widely used plugins like Jupiter X Core present an attractive target for cybercriminals.

Recently, similar security issues have been identified in other WordPress extensions, leading to data breaches, malware infections, and website defacements.

Experts recommend that website owners adopt a more protective approach to cybersecurity, including regular updates, security audits, and implementing website firewalls to block malicious activity.

This weakness can compromise over 5 million websites worldwide, allowing malicious actors to gain unauthorised administrative access with minimal effort.

The vulnerability comes from an inadequacy within the plugin’s “role simulation” feature. By exploiting this weakness, attackers can take full control of a website without needing authentication. 

Once access is gained, they can deploy malicious plugins, siphon off sensitive data, or redirect users to harmful sites. The ease of exploitation is worsened by the use of a weak hash function and poorly secured debug logs, enabling cybercriminals to leverage brute-force methods for gaining entry.

Affected websites face a high risk of data theft, where attackers could potentially extract confidential user information, including personal and payment details. 

Again, the integrity of the site could be compromised through defacement, where malicious content could be inserted or services disrupted. Visitors could also be unwittingly directed to fraudulent websites, thereby exposing them to phishing attacks or malware.

Given the large reliance on WordPress and the LiteSpeed Cache plugin, the implications of this security flaw could be severe for businesses, leading to both financial losses and lasting damage to their reputations. 

In light of this, NITDA is strongly advising all administrators of WordPress sites using the LiteSpeed Cache plugin to take immediate action to protect their digital assets.

To mitigate the threat, NITDA recommends that website administrators update the LiteSpeed Cache plugin to the latest version (6.4.1) without delay. Users can verify and perform this update by logging into their WordPress dashboard and navigating to the “Plugins” section. 

Additionally, it is important to disable debugging on live sites, as this feature can inadvertently expose sensitive logs that attackers might exploit.

NITDA further urges website owners to routinely audit their plugin settings and configurations to identify and rectify potential vulnerabilities. “Regular checks for plugin updates and security flaws are essential to safeguarding against cyber threats,” the agency stated.

The LiteSpeed Cache plugin is designed to enhance website performance by caching content and resources, yet its history of vulnerabilities underscores the importance of keeping software up to date.

Previous issues have included cross-site scripting (XSS) vulnerabilities and unauthenticated privilege escalations, which allowed attackers to elevate their user privileges and create new administrator accounts.

The newly announced “100-Year Plan” offers customers the opportunity to secure their digital presence for a century, setting a new benchmark for longevity in the online world and enhancing the way individuals, families, and companies perceive their digital assets. 

Geared towards families seeking to preserve their cherished memories, founders documenting their company’s journey, and individuals anticipating the unpredictable changes in technology, the plan is a unique offering in online hosting and protection.

At the core of the 100-Year Plan is the future-proofing of the digital landscape. WordPress aims to provide the following offering:

1. Century-Long Domain Registration: While traditional domain registrations span a decade, this groundbreaking plan extends the registration period to an astonishing century. Recognizing the value of domains as vital digital assets, WordPress’s initiative aims to secure these virtual spaces for generations to come.

2. Comprehensive Backup and Preservation: In their role as guardians of digital legacies, WordPress will maintain multiple backups across geographically distributed data centers. Notably, public sites will automatically be submitted to the Internet Archive, ensuring that the content endures even through the shifts of time.

3. Advanced Ownership Protocols: Facilitating life’s transitions becomes seamless with WordPress’s enhanced ownership assistance. Whether gifting a website to a newborn or facilitating ownership transfers, the platform pledges support every step of the way.

4. Top-Tier Managed Hosting: This plan offers the epitome of managed WordPress hosting, including unrivaled speed, unmetered bandwidth, and impenetrable security, all bundled into one comprehensive package.

5. Premier Support, 24/7: The 100-Year Plan includes dedicated, personalized support from the moment of interest form submission, ensuring that customers are comprehensively cared for throughout their digital journey.

Considering the Cost

While the promise of safeguarding digital assets for a century is enticing, this remarkable feat comes at a price. The 100-Year Plan requires a substantial one-time payment of $38,000, reflecting the groundbreaking nature of the offering.

As the digital landscape constantly evolves, questions arise about how WordPress intends to adapt and keep domains and backups relevant over the course of a century. Moreover, uncertainty surrounds the fate of domains should the company decide to discontinue the program. While the longevity of tech companies like IBM, AT&T, and Siemens shows adapting offerings, the ever-changing nature of the internet and computing introduces an element of intrigue about the journey ahead.

Matt Mullenweg, CEO of WordPress, envisions this plan as a gateway to inspiring long-term thinking in individuals and companies alike. As an organization that has recently embraced novel products and features, such as AI writing assistants and paid newsletters, WordPress’s 100-Year Plan showcases its continued commitment to innovation and adaptation.

I actually thought it was just a non-coding tool until I settled down to consult experts in the field and found I was wrong all along.

In a chat with Chukwuemeka Orjiani M., Founder and CEO of iDot Creations Ent., he said: “WordPress may seem like a non-coding tool for beginners, but at the end of the day, if you do not understand CSS, HTML and PHP very well, you may find it difficult to use WordPress at professional level.”

Explaining further, Adeyinka Adenaike, a Website and Tech-Savvy Expert, said: “WordPress is a Content Management System (CMS) publishing tool that can be used to develop different types of websites such as blog, magazine, eCommerce, corporate, forum and social media websites.

It started in 2002 as a blog publishing tool but grew over time and it is open-source which means you can use it to create any type of website for FREE.”

Interesting Statistics About WordPress

1. Roughly every two minutes, another top 10 million sites start using WordPress. (W3Techs, 2021)
2. Its usage has increased at an average of 12% per year since 2011. (W3Techs, 2022)
3. Wordfence blocked 18.5 billion password attack requests on WordPress websites in the first half of 2021. (Wordfence, 2021)
4. Approximately 90% of WordPress vulnerabilities are plugin vulnerabilities. 6% are theme vulnerabilities and 4% are core software vulnerabilities
5. This tool powers 36.28% of the top 1 million websites. (BuiltWith, 2022)
6. It has been the fastest growing content management system for 12 years in a row. (W3Techs, 2022)

I never knew that there were different types of WordPress, but Adenaike enlightened on this. WordPress.com and WordPress.org are the two types that exist.

WordPress.com is more of a hosting platform which powers your website and it is limited but WordPress.org is a self-hosted software which allows you to download, customize and make it yours.

Orjiani made us understand that generally, WordPress can be used by everyone, professionals and non-professionals, to create beautiful websites within minutes, but it still requires vast knowledge of graphic design, imaging and certain other skills to get the website together. 

Why do most publishing companies leverage this tool?

Did you know that WordPress is leveraged by BBC, CNN, Microsoft, several Banks, and others? The tool powers about 43% of online websites and has a huge database of free and premium themes and plugins (extensions) to extend the functionality of any website.

This makes WordPress unique.

Adenaike asserted that this tool is user-friendly – both the backend, frontend and also developer friendly, unlike other CMS platforms. “It is secure and also has some security extension plugins to tighten the security.”

Orjiani agreed that: “It is open-source, free to use, can be navigated and modified seamlessly, and has so many themes to suit your design needs.”

But he said it can have security issues, and also, the lack of programming knowledge can make it very difficult for you in terms of the use of certain plugins and code-breaking.

Asides from publishing and building websites, what else can WordPress be used for?

Adenaike said this globally used innovation can be used as a headless interface for Apps. “When using WordPress in its headless state, you are free to display your content when and where you want it in any technology platform. An example of this in practice would be authoring a blog in WordPress that will then be made available to your iOS and Android app to read.”

On reasons why WordPress is one of the most preferred non-coding tools, Adenaike highlights:

• It has the highest database of free plugins and themes compared to other CMS
• It has well-informed documentation online
• It is open-source and there is room for contribution and a large number of online community
• It is flexible, dynamic and can be used to create any type of website like membership website, eCommerce website, job and recruitment portal, education websites, etc

Conclusively, I couldn’t help but wonder; Would this tool still be a big thing and still be widely used as it is today in the next 10 to 20 years?

Adenaike’s response was simple: “Change is one constant thing. New technologies and coding languages keep coming out always, but with the way WordPress keeps evolving with technology, I believe they will still be widely used in 10 to 20 years.”