Researchers have found a critical flaw in two themes used by more than 90,000 WordPress sites. WordFenceThreat Intelligence Team researcher Ramuel Gall discovered the defect. Two versions of the themes were affected: Jupiter Theme 6.10.1 or earlier and JupiterX Core Plugin 2.0.7 or earlier. The flaw was found between April and Early May.
One of the flaws tracked as CVE-2022-1654 are a vulnerability that allows "any authenticated attacker, including subscribers and customers," to take full control of any site running JupiterX Core Plugin."The plugin is required to run the Jupiter X. On May 3, 2022, WordFence notified the developers of the Jupiter theme flaw. Specifically, the critical flaw is in a function intended to reset a site after uninstalling a template; in the Jupiter theme, the function is found in the theme itself; in Jupiter X, it’s present in the Jupiter
https://www.wordfence.com/blog/2022/...remium-themes/
