Critical Jetpack WordPress Flaw Exposes Millions of Website

To address a critical vulnerability in the Jetpack WordPress plug-in, Automattic, the company that created the open-source WordPress content management system, has begun enforcing the installation of a security patch on millions of websites.

Reports stated no proof that the vulnerability had been used in the wild.

“We released a new version of Jetpack, 12.1.1. This release contains a critical security update.”

“While we have no evidence that this vulnerability has been exploited yet, please update your version of Jetpack as soon as possible to ensure your site’s security, ” said Automatic Developer Relations Engineer Jeremy Herve.

An extremely well-liked plug-in called Jetpack offers free security, performance, and website administration enhancements, such as site backups, brute-force assault defense, secure logins, malware scanning, etc.

The plug-in is maintained by Automattic, according to the official WordPress plug-in repository, and there are currently more than 5 million active installations.

“During an internal security audit, we found a vulnerability with the API available in Jetpack since version 2.0, released in 2012. This vulnerability could be used by authors on a site to manipulate any files in the WordPress installation”, Jeremy Herve.

Update Your Version Of Jetpack

Further, Jetpack 12.1.1, the security update that is presently being automatically distributed to all WordPress websites utilizing the plug-in, began rolling out today and has already been updated on more than 4,130,000 sites using every version of Jetpack since 2.0.

JetPack installations

Herve further warned website administrators that even though there are no indications that the problem has been utilized in attacks

They should still ensure their sites are secure because hackers will probably learn about the flaw’s specifics and develop exploits that target unpatched WordPress websites.

“We have no evidence that this vulnerability has been exploited in the wild. However, now that the update has been released, someone may try to take advantage of this vulnerability,” Jeremy Herve said.

“Please update your version of Jetpack as soon as possible to ensure the security of your site.”

“To help you in this process, we have worked closely with the WordPress[.]org Security team to release patched versions of every version of Jetpack since 2.0. Most websites have been or will soon be automatically updated to a secured version.”

Shut Down Phishing Attacks with Device Posture Security – Download Free E-Book