CVE-2025-3888

Name of the Vulnerable Software and Affected Versions: Jupiter X Core plugin for WordPress versions up to, and including, 4.8.12

Description: The issue is related to Stored Cross-Site Scripting via SVG File inclusion due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the included SVG file.

Recommendations: For Jupiter X Core plugin for WordPress versions up to, and including, 4.8.12, update to a version higher than 4.8.12 to resolve the issue. As a temporary workaround, consider restricting access to SVG file inclusion functionality to minimize the risk of exploitation.