Privilege escalation is an attack tactic that exploits an application or operating system bug, or a configuration weakness, to obtain access that would ordinarily be denied to the current user, for example by taking over a more privileged user's account and reaching sensitive information through it.
By obtaining these permissions, a hostile actor can perform a range of operations on the operating system or server, such as executing commands or spreading malware within the network, which can lead to business disruption, exposure of sensitive data, or full system takeover. This is privilege abuse.
WordPress security researchers have identified a number of flaws in the Jupiter Theme and the JupiterX Core plugin for the WordPress content management system. One of them is a serious privilege escalation vulnerability.
This vulnerability allows any authenticated attacker, including one with only subscriber- or customer-level access, to gain administrative privileges and completely take over any site running either the Jupiter Theme or the JupiterX Core plugin. The JupiterX Core plugin is required by the JupiterX theme.
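The bug class behind this kind of takeover is an authenticated-but-unauthorized handler: a function reachable by any logged-in user that changes the caller's role without checking capabilities. The following PHP is an added illustration written for this page, not code from Jupiter, JupiterX or WordPress; the action names `example_reset_site` and `example_reset_site_safe` and the function names are assumptions. It shows the vulnerable shape beside a hardened version and a hook that logs unexpected promotions so that defenders can spot them.

```php
<?php
// Added illustration (hypothetical, not Jupiter/JupiterX code): a WordPress
// AJAX "reset" handler that, as a side effect, promotes the caller.
// Action and function names are assumptions made for this example.

// --- Vulnerable pattern ---------------------------------------------------
// wp_ajax_* actions are reachable by every logged-in user, so a handler that
// omits a capability check and a nonce is callable by a subscriber.
add_action( 'wp_ajax_example_reset_site', 'example_reset_site_vulnerable' );

function example_reset_site_vulnerable() {
    $user = wp_get_current_user();
    // ... site reset logic would go here ...
    // Assigning a role to the *caller* means whoever reaches this endpoint
    // becomes an administrator.
    $user->set_role( 'administrator' );
    wp_send_json_success();
}

// --- Hardened pattern -----------------------------------------------------
add_action( 'wp_ajax_example_reset_site_safe', 'example_reset_site_hardened' );

function example_reset_site_hardened() {
    // 1. Require a capability that only administrators hold.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // 2. Require a valid nonce so the request cannot be forged cross-site.
    check_ajax_referer( 'example_reset_site', 'nonce' );
    // 3. Perform the reset without touching the caller's role at all; a
    //    reset routine has no reason to change who is an administrator.
    wp_send_json_success();
}

// --- Detection hook -------------------------------------------------------
// set_user_role fires on every role change, whichever code path made it, so
// logging it gives a durable record of unexpected promotions to administrator.
add_action( 'set_user_role', 'example_log_role_change', 10, 3 );

function example_log_role_change( $user_id, $role, $old_roles ) {
    $old_roles = (array) $old_roles;
    if ( 'administrator' === $role && ! in_array( 'administrator', $old_roles, true ) ) {
        $uri = isset( $_SERVER['REQUEST_URI'] )
            ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) )
            : 'unknown';
        error_log( sprintf(
            'ROLE CHANGE: user %d promoted to administrator (was: %s) by user %d via %s',
            $user_id,
            implode( ',', $old_roles ),
            get_current_user_id(),
            $uri
        ) );
    }
}
```

The hardened handler applies two independent checks: `current_user_can()` answers "is this user allowed to do this at all?", while `check_ajax_referer()` answers "did this user actually intend this request?". Neither substitutes for the other, and neither is needed if the reset routine simply never touches roles. The logging hook is the defensive counterpart: on a site with a theme or plugin that may be affected, a sudden promotion of a subscriber to administrator in the log is the signal to investigate.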
The classic Jupiter Theme contains a function, uninstallTemplate, which is intended to reset a site after a template is uninstalled, but has the additional effect of elevating the user calling the function to an administrator role. In JupiterX,