Critical Jetpack WordPress Flaw Exposes Millions of Website

To address a critical vulnerability in the Jetpack WordPress plug-in, Automattic, the company that created the open-source WordPress content management system, has begun enforcing the installation of a security patch on millions of websites.

Reports stated no proof that the vulnerability had been used in the wild.

“We released a new version of Jetpack, 12.1.1. This release contains a critical security update.”

“While we have no evidence that this vulnerability has been exploited yet, please update your version of Jetpack as soon as possible to ensure your site’s security, ” said Automatic Developer Relations Engineer Jeremy Herve.

An extremely well-liked plug-in called Jetpack offers free security, performance, and website administration enhancements, such as site backups, brute-force assault defense, secure logins, malware scanning, etc.

The plug-in is maintained by Automattic, according to the official WordPress plug-in repository, and there are currently more than 5 million active installations.

“During an internal security audit, we found a vulnerability with the API available in Jetpack since version 2.0, released in 2012. This vulnerability could be used by authors on a site to manipulate any files in the WordPress installation”, Jeremy Herve.

Update Your Version Of Jetpack

Further, Jetpack 12.1.1, the security update that is presently being automatically distributed to all WordPress websites utilizing the plug-in, began rolling out today and has already been updated on more than 4,130,000 sites using every version of Jetpack since 2.0.

JetPack installations

Herve further warned website administrators that even though there are no indications that the problem has been utilized in attacks

They should still ensure their sites are secure because hackers will probably learn about the flaw’s specifics and develop exploits that target unpatched WordPress websites.

“We have no evidence that this vulnerability has been exploited in the wild. However, now that the update has been released, someone may try to take advantage of this vulnerability,” Jeremy Herve said.

“Please update your version of Jetpack as soon as possible to ensure the security of your site.”

“To help you in this process, we have worked closely with the WordPress[.]org Security team to release patched versions of every version of Jetpack since 2.0. Most websites have been or will soon be automatically updated to a secured version.”

Shut Down Phishing Attacks with Device Posture Security – Download Free E-Book

Guru baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these systems to steal sensitive data, interrupt…

2 hours ago

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a threat actor to read sensitive files…

3 hours ago

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes. Resecurity researchers have recently revealed that…

3 hours ago

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million Ecuadorian citizens. The announcement was made…

3 hours ago

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery efforts following a recent cybersecurity breach.…

6 hours ago

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection for Amazon Simple Storage Service (Amazon…

7 hours ago