Critical security flaw in WordPress Jetpack plugin

djbaxter

Administrator
Joined
Nov 10, 2016
Messages
2,062
Points
113
Millions of Sites Exposed by Flaw in Jetpack WordPress Plugin
By Sergiu Gatlan, BleepingComputer.com
Nov 21, 2019

Admins and owners of WordPress websites are urged to immediately apply the Jetpack 7.9.1 critical security update to prevent potential attacks that could abuse a vulnerability that has existed since Jetpack 5.1.

You can update your installation to the 7.9.1 version through your dashboard, or manually download the Jetpack 7.9.1 release here.

While not a lot of details were disclosed regarding the security flaw to protect the sites that haven't yet updated, the announcement made by Jetpack says that the bug impacts all versions starting with the 5.1 release and going back as far as July 2017.

The Jetpack developers state that no evidence was discovered until the release of the critical Jetpack 7.9.1 security update that the vulnerability has been exploited in the wild.

Read more...
 
Top