A critical vulnerability affects Jetpack WordPress plugin versions 5.1 and later. Admins and owners of WordPress websites are urged to update their installs to Jetpack version 7.9.1.
Jetpack is a popular WordPress plugin with over 5 million active installations that provides a suite of features for security, performance, and site management.
The plugin is developed and maintained by Automattic, the company behind WordPress. The flaw, which resides in the way Jetpack processed embed code, was responsibly disclosed by the researcher Adham Sadaqah.
The good news is that the maintainers of the popular WordPress plugin have no evidence that this vulnerability has been exploited in the wild.
“We found a vulnerability in the way Jetpack processed embed code that has existed since Jetpack 5.1, released in July 2017. Thank you to Adham Sadaqah for disclosing this issue to us in a responsible manner.” reads a blog post published on the Jetpack website.
“We have no evidence that this vulnerability has been exploited in the wild. However, now that the update has been released, it is only a matter of time before someone tries to take advantage of this vulnerability.”
At the time, neither Sadaqah nor the developers behind the plugin revealed details of the issue, to avoid its exploitation by threat actors and to protect the sites that haven’t yet been updated.
Experts pointed out that it is only a matter of time before attackers try to exploit this flaw.
The development team said it worked with the WordPress.org Security Team to release patched versions of every version of Jetpack since 5.1. Most websites have been or will soon be automatically updated.
At the time of writing, over four million of the 5 million WordPress installs run updated versions of the plugin.
Versions released today include 5.1.1, 5.2.2, 5.3.1, 5.4.1, 5.5.2, 5.6.2, 5.7.2, 5.8.1, 5.9.1, 6.0.1, 6.1.2, 6.2.2, 6.3.4, 6.4.3, 6.5.1, 6.6.2, 6.7.1, 6.8.2, 6.9.1, 7.0.2, 7.1.2, 7.2.2, 7.3.2, 7.4.2, 7.5.4, 7.6.1, 7.7.3, 7.8.1, 7.9.1.
The latest version 7.9.1 also addressed other minor issues, including improved compatibility with Twenty Twenty, the new default theme for WordPress.
You can update your installation to version 7.9.1 using the dashboard, or by manually downloading the Jetpack 7.9.1 release.
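Because every branch since 5.1 received its own patched release, a fleet audit has to compare each install against the fix for its own branch rather than against 7.9.1 alone. The following is an added example, not code from the article or from Jetpack; the site names and inventory are constructed, and it assumes any release below the listed one in the same branch is unpatched and that branches newer than 7.9 include the fix.

```python
import re

# Patched releases as listed in the article, one per release branch.
PATCHED = """5.1.1, 5.2.2, 5.3.1, 5.4.1, 5.5.2, 5.6.2, 5.7.2, 5.8.1, 5.9.1,
6.0.1, 6.1.2, 6.2.2, 6.3.4, 6.4.3, 6.5.1, 6.6.2, 6.7.1, 6.8.2, 6.9.1,
7.0.2, 7.1.2, 7.2.2, 7.3.2, 7.4.2, 7.5.4, 7.6.1, 7.7.3, 7.8.1, 7.9.1"""

def parse(version):
    """Turn '7.9' or '6.3.4' into a 3-tuple of ints; reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(part or 0) for part in m.groups())

# Map each branch (major, minor) to the first patch level that has the fix.
FIRST_FIXED = {v[:2]: v[2] for v in map(parse, PATCHED.split(","))}

def status(version):
    """Classify one installed Jetpack version."""
    v = parse(version)
    branch = v[:2]
    if branch < (5, 1):
        return "not-affected"  # the flaw was introduced in 5.1
    if branch in FIRST_FIXED:
        return "patched" if v[2] >= FIRST_FIXED[branch] else "vulnerable"
    if branch > max(FIRST_FIXED):
        return "patched"       # assumption: later branches carry the fix
    return "unknown"           # branch not covered by the article's list

def audit(inventory):
    """Return only the sites whose Jetpack version still needs updating."""
    return {site: v for site, v in inventory.items()
            if status(v) == "vulnerable"}

# Constructed sample inventory: site name -> installed Jetpack version.
SAMPLE = {
    "blog.example": "7.9",      # 7.9.0, one patch level short of the fix
    "shop.example": "6.3.4",    # already on the patched 6.3 release
    "docs.example": "6.3.3",    # newer than 5.1.1 but unpatched in its branch
    "old.example": "4.9.2",     # predates the vulnerable code
}

if __name__ == "__main__":
    for site, version in audit(SAMPLE).items():
        print(f"{site}: Jetpack {version} needs updating")
```

On a host with WP-CLI installed, `wp plugin get jetpack --field=version` prints the installed version that would populate such an inventory.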
(SecurityAffairs – WordPress, hacking)