Cyber Security News

Critical Jetpack WordPress Flaw Exposes Millions of Website

To address a critical vulnerability in the Jetpack WordPress plug-in, Automattic, the company that created the open-source WordPress content management system, has begun enforcing the installation of a security patch on millions of websites.

Reports stated no proof that the vulnerability had been used in the wild.

“We released a new version of Jetpack, 12.1.1. This release contains a critical security update.”

“While we have no evidence that this vulnerability has been exploited yet, please update your version of Jetpack as soon as possible to ensure your site’s security, ” said Automatic Developer Relations Engineer Jeremy Herve.

An extremely well-liked plug-in called Jetpack offers free security, performance, and website administration enhancements, such as site backups, brute-force assault defense, secure logins, malware scanning, etc.

The plug-in is maintained by Automattic, according to the official WordPress plug-in repository, and there are currently more than 5 million active installations.

“During an internal security audit, we found a vulnerability with the API available in Jetpack since version 2.0, released in 2012. This vulnerability could be used by authors on a site to manipulate any files in the WordPress installation”, Jeremy Herve.

Update Your Version Of Jetpack

Further, Jetpack 12.1.1, the security update that is presently being automatically distributed to all WordPress websites utilizing the plug-in, began rolling out today and has already been updated on more than 4,130,000 sites using every version of Jetpack since 2.0.

JetPack installations

Herve further warned website administrators that even though there are no indications that the problem has been utilized in attacks

They should still ensure their sites are secure because hackers will probably learn about the flaw’s specifics and develop exploits that target unpatched WordPress websites.

“We have no evidence that this vulnerability has been exploited in the wild. However, now that the update has been released, someone may try to take advantage of this vulnerability,” Jeremy Herve said.

“Please update your version of Jetpack as soon as possible to ensure the security of your site.”

“To help you in this process, we have worked closely with the WordPress[.]org Security team to release patched versions of every version of Jetpack since 2.0. Most websites have been or will soon be automatically updated to a secured version.”

Shut Down Phishing Attacks with Device Posture Security – Download Free E-Book

Guru Baran

Guru is an Ex-Security Engineer at Comodo Cybersecurity. Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Cryptojacking Campaign Infected Online Thesaurus With Over 5 Million Visitors

Students, authors, and anybody else wishing to improve their vocabulary and language abilities frequently utilize…

1 day ago

Gold Melody Attacking Organizations With Burp Extension, Mimikatz, and Other Tools

The financially motivated GOLD MELODY threat group has been active at least since 2017, attacking…

2 days ago

MOVEit Transfer SQL Injection Let the Attacker Gain Unauthorized Access to the Database

MOVEit transfer service pack has been discovered with three vulnerabilities associated with SQL injections (2)…

2 days ago

LUCR-3 Attacking Fortune 2000 Companies Using Victims’ Own Tools & Apps

A new financially motivated threat group named “LUCR-3” has been discovered targeting organizations to steal…

2 days ago

Is QakBot Malware Officially Dead?

Only a few malware families can claim to have persisted for nearly twenty years, and…

3 days ago

System Admin Pleads Guilty for Selling Pirated Business Phone Software Licenses

For taking part in a large international scheme to earn millions of dollars by selling pirated…

3 days ago