WordPress fixes critical Jetpack plugin vulnerability

Share post:

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors to manipulate files within the WordPress installation. The vulnerability came to light during an internal security audit and was found to exist in an API that has been present in the Jetpack plugin since its initial release back in November 2012.

Jetpack, the team behind the plugin, acknowledged the seriousness of the vulnerability and the potential risks it posed. While there is currently no evidence of the vulnerability being exploited in the wild, the team remains vigilant due to the history of popular WordPress plugins being targeted by threat actors for malicious purposes.

To ensure the security of users’ websites, WordPress has released an automatic update that includes 102 new versions of the Jetpack plugin, each tailored to meet the specific requirements of different WordPress users. The plugin team took immediate action upon discovering the vulnerability, swiftly developing patches and releasing the necessary updates.

This incident is not the first time Jetpack has encountered security weaknesses. In November 2019, version 7.9.1 of the plugin was released to address a defect related to the handling of embed code, which had persisted since July 2017 (version 5.1).

The sources for this piece include an article in TheHackerNews.

Featured Tech Jobs


Related articles

Liberals to add ‘fundamental right to privacy’ to proposed law, but no details yet

As committee hearing start the Innovation minister promises changes to privacy law to meet complaints. Details to fo

Cyber Security Today, Sept. 27 2023 – Hackers are targeting luxury hotels, a Red Cross scam and more

This episode reports on phishing campaigns against the hospitality sector, a new ransomware operato

Ransomware attacks on U.S. public sector at record high

Ransomware attacks on the U.S. public sector are on track to reach record levels in 2023, with both...

APT hacking group AtlasCross targets organizations

A new advanced persistent threat (APT) hacking group named AtlasCross has been discovered targeting organizations with phishing lures...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways