via pluginvulnerabilities.com => original post link
Earlier today, Wordfence released an odd post on their blog. In the post they disclosed an incredibly easy to exploit a vulnerability in a WordPress plugin named Jupiter X Core, which allows anyone logged in to WordPress to change their role to Administrator. They claim to have engaged in “responsible disclosure” with this. While they didn’t provide what they labeled as a proof of concept, the information provides the equivalent of that. They are telling people to update version 2.0.8 of the plugin:
If you are running the JupiterX Core Plugin version 2.0.7 or below, you should immediately update it to version 2.0.8 or higher. [Read more]