WordPress fixes critical Jetpack plugin vulnerability

Share post:

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors to manipulate files within the WordPress installation. The vulnerability came to light during an internal security audit and was found to exist in an API that has been present in the Jetpack plugin since its initial release back in November 2012.

Jetpack, the team behind the plugin, acknowledged the seriousness of the vulnerability and the potential risks it posed. While there is currently no evidence of the vulnerability being exploited in the wild, the team remains vigilant due to the history of popular WordPress plugins being targeted by threat actors for malicious purposes.

To ensure the security of users’ websites, WordPress has released an automatic update that includes 102 new versions of the Jetpack plugin, each tailored to meet the specific requirements of different WordPress users. The plugin team took immediate action upon discovering the vulnerability, swiftly developing patches and releasing the necessary updates.

This incident is not the first time Jetpack has encountered security weaknesses. In November 2019, version 7.9.1 of the plugin was released to address a defect related to the handling of embed code, which had persisted since July 2017 (version 5.1).

The sources for this piece include an article in TheHackerNews.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Pilot cybersecurity training program for women to recruit third cohort

The program is overseen by the Information and Community Technology Council (ICTC) and funded by Microsoft and the federal

Cyber Security Today, March 6, 2024 – VMware and Apple rush out security updates, a new ScreenConnect malware is found, and more

This episode reports on a survey of IT pros on insider attacks, US sanctions on a group that markets commercial spyware

Canada’s anti-money laundering agency hit by a cyber attack

FINTRAC says it has been managing the attack for the pas

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways