Sunday, December 10, 2023

Critical Jetpack WordPress Flaw Exposes Millions of Website

To address a critical vulnerability in the Jetpack WordPress plug-in, Automattic, the company that created the open-source WordPress content management system, has begun enforcing the installation of a security patch on millions of websites.

Reports stated no proof that the vulnerability had been used in the wild.

“We released a new version of Jetpack, 12.1.1. This release contains a critical security update.”

“While we have no evidence that this vulnerability has been exploited yet, please update your version of Jetpack as soon as possible to ensure your site’s security, ” said Automatic Developer Relations Engineer Jeremy Herve.

An extremely well-liked plug-in called Jetpack offers free security, performance, and website administration enhancements, such as site backups, brute-force assault defense, secure logins, malware scanning, etc.

The plug-in is maintained by Automattic, according to the official WordPress plug-in repository, and there are currently more than 5 million active installations.

“During an internal security audit, we found a vulnerability with the API available in Jetpack since version 2.0, released in 2012. This vulnerability could be used by authors on a site to manipulate any files in the WordPress installation”, Jeremy Herve.

Update Your Version Of Jetpack

Further, Jetpack 12.1.1, the security update that is presently being automatically distributed to all WordPress websites utilizing the plug-in, began rolling out today and has already been updated on more than 4,130,000 sites using every version of Jetpack since 2.0.

JetPack installations

Herve further warned website administrators that even though there are no indications that the problem has been utilized in attacks

They should still ensure their sites are secure because hackers will probably learn about the flaw’s specifics and develop exploits that target unpatched WordPress websites.

“We have no evidence that this vulnerability has been exploited in the wild. However, now that the update has been released, someone may try to take advantage of this vulnerability,” Jeremy Herve said.

“Please update your version of Jetpack as soon as possible to ensure the security of your site.”

“To help you in this process, we have worked closely with the WordPress[.]org Security team to release patched versions of every version of Jetpack since 2.0. Most websites have been or will soon be automatically updated to a secured version.”

Shut Down Phishing Attacks with Device Posture Security – Download Free E-Book


Latest articles

WordPress POP Chain Flaw Exposes Over 800M+ Websites to Attack

A critical remote code execution vulnerability has been patched as part of the Wordpress...

Russian Star Blizzard New Evasion Techniques to Hijack Email Accounts

Hackers target email accounts because they contain valuable personal and financial information. Successful email...

Exploitation Methods Used by PlugX Malware Revealed by Splunk Research

PlugX malware is sophisticated in evasion, as it uses the following techniques to avoid...

TA422 Hackers Attack Organizations Using Outlook & WinRAR Vulnerabilities

Hackers exploit Outlook and WinRAR vulnerabilities because these widely used software programs are lucrative...

Bluetooth keystroke-injection Flaw: A Threat to Apple, Linux & Android Devices

An unauthenticated Bluetooth keystroke-injection vulnerability that affects Android, macOS, and iOS devices has been...

Atlassian Patches RCE Flaw that Affected Multiple Products

Atlassian has been discovered with four new vulnerabilities associated with Remote Code Execution in...

Reflectiz Introduces AI-powered Insights on Top of Its Smart Alerting System

Reflectiz, a cybersecurity company specializing in continuous web threat management, proudly introduces a new...

Endpoint Strategies for 2024 and beyond

Converge and Defend

What's the pulse of Unified Endpoint Management and Security (UEMS) in Europe? Join us live to uncover the strategies that are defining endpoint security in the region.

Related Articles