WordPress fixes critical Jetpack plugin vulnerability

Share post:

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors to manipulate files within the WordPress installation. The vulnerability came to light during an internal security audit and was found to exist in an API that has been present in the Jetpack plugin since its initial release back in November 2012.

Jetpack, the team behind the plugin, acknowledged the seriousness of the vulnerability and the potential risks it posed. While there is currently no evidence of the vulnerability being exploited in the wild, the team remains vigilant due to the history of popular WordPress plugins being targeted by threat actors for malicious purposes.

To ensure the security of users’ websites, WordPress has released an automatic update that includes 102 new versions of the Jetpack plugin, each tailored to meet the specific requirements of different WordPress users. The plugin team took immediate action upon discovering the vulnerability, swiftly developing patches and releasing the necessary updates.

This incident is not the first time Jetpack has encountered security weaknesses. In November 2019, version 7.9.1 of the plugin was released to address a defect related to the handling of embed code, which had persisted since July 2017 (version 5.1).

The sources for this piece include an article in TheHackerNews.

SUBSCRIBE NOW

Related articles

DOGE’s Teen Hacker Stirs Concern Over Musk Team’s Access to Federal Databases

A 19-year-old named Edward “Big Balls” Coristine has raised red flags after Wired revealed he holds a key...

Deep Seek and Open Source AI – Without the Hype: Discussion with Robert Falzon, Head of Engineering, Check Point

DeepSeek AI is shaking up the cybersecurity world—are we prepared for the risks? Join host Jim Love and...

Researchers Jailbreak DeepSeek AI, Expose System Prompt and Raise Security Concerns

Security researchers at Wallarm have successfully jailbroken DeepSeek, a recently released open-source AI model from China. The jailbreak...

New SMS Phishing Scam Targets U.S. Toll Road Users with Fake Payment Alerts

Brian Krebs of the Krebs on Security blog did a big piece leading with how residents across the...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways