Sunday, September 8, 2024
HomeCyber Security NewsCritical Jetpack WordPress Flaw Exposes Millions of Website

Critical Jetpack WordPress Flaw Exposes Millions of Website

Published on

To address a critical vulnerability in the Jetpack WordPress plug-in, Automattic, the company that created the open-source WordPress content management system, has begun enforcing the installation of a security patch on millions of websites.

Reports stated no proof that the vulnerability had been used in the wild.

“We released a new version of Jetpack, 12.1.1. This release contains a critical security update.”

- Advertisement - EHA

“While we have no evidence that this vulnerability has been exploited yet, please update your version of Jetpack as soon as possible to ensure your site’s security, ” said Automatic Developer Relations Engineer Jeremy Herve.

An extremely well-liked plug-in called Jetpack offers free security, performance, and website administration enhancements, such as site backups, brute-force assault defense, secure logins, malware scanning, etc.

The plug-in is maintained by Automattic, according to the official WordPress plug-in repository, and there are currently more than 5 million active installations.

“During an internal security audit, we found a vulnerability with the API available in Jetpack since version 2.0, released in 2012. This vulnerability could be used by authors on a site to manipulate any files in the WordPress installation”, Jeremy Herve.

Update Your Version Of Jetpack

Further, Jetpack 12.1.1, the security update that is presently being automatically distributed to all WordPress websites utilizing the plug-in, began rolling out today and has already been updated on more than 4,130,000 sites using every version of Jetpack since 2.0.

JetPack installations

Herve further warned website administrators that even though there are no indications that the problem has been utilized in attacks

They should still ensure their sites are secure because hackers will probably learn about the flaw’s specifics and develop exploits that target unpatched WordPress websites.

“We have no evidence that this vulnerability has been exploited in the wild. However, now that the update has been released, someone may try to take advantage of this vulnerability,” Jeremy Herve said.

“Please update your version of Jetpack as soon as possible to ensure the security of your site.”

“To help you in this process, we have worked closely with the WordPress[.]org Security team to release patched versions of every version of Jetpack since 2.0. Most websites have been or will soon be automatically updated to a secured version.”

Shut Down Phishing Attacks with Device Posture Security – Download Free E-Book

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Vulnerabilities in IBM Products Let Attackers Exploit & Launch DOS Attack

IBM has issued a security bulletin addressing critical vulnerabilities in its MQ Operator and...

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Vulnerabilities in IBM Products Let Attackers Exploit & Launch DOS Attack

IBM has issued a security bulletin addressing critical vulnerabilities in its MQ Operator and...

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...