A critical vulnerability affects the Jetpack WordPress plugin and has existed since Jetpack 5.1.
The popular plugin is developed and maintained by Automattic, the company behind WordPress.
The good news is that the maintainers of the popular WordPress plugin have no evidence that this vulnerability has been exploited in the wild.
“We found a vulnerability in the way Jetpack processed embed code that has existed since Jetpack 5.1, released in July 2017. Thank you to Adham Sadaqah for disclosing this issue to us in a responsible manner.” reads a blog post published on the Jetpack website.
“We have no evidence that this vulnerability has been exploited in the wild. However, now that the update has been released, it is only a matter of time before someone tries to take advantage of this vulnerability.”
At the time, both
Experts pointed out that it is only a matter of time before attackers try to exploit this flaw.
The development team revealed that it worked with the WordPress.org Security Team to release patched versions of every version of Jetpack since 5.1. Most websites have been or will soon be automatically updated.
At the time of writing, over four million out of 5 million WordPress installs run updated versions of the plugin.
Versions released today include 5.1.1, 5.2.2, 5.3.1, 5.4.1, 5.5.2, 5.6.2, 5.7.2, 5.8.1, 5.9.1, 6.0.1, 6.1.2, 6.2.2, 6.3.4, 6.4.3, 6.5.1, 6.6.2, 6.7.1, 6.8.2, 6.9.1, 7.0.2, 7.1.2, 7.2.2, 7.3.2, 7.4.2, 7.5.4, 7.6.1, 7.7.3, 7.8.1, 7.9.1.
The latest version 7.9.1 also addressed other minor issues, including improved compatibility with Twenty Twenty, the new default theme for WordPress.
You can update your installation to version 7.9.1 from the dashboard, or by manually downloading the Jetpack 7.9.1 release.
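For administrators who track plugin versions across many sites, the following added example (not code from Jetpack or from the original post) classifies an installed Jetpack version against the patched releases listed above. The site names and the inventory are constructed, and branches newer than 7.9 are reported as not listed because the article does not cover them.

```python
import re

# Patched releases exactly as listed in the article, one per affected branch.
PATCHED_RELEASES = (
    "5.1.1 5.2.2 5.3.1 5.4.1 5.5.2 5.6.2 5.7.2 5.8.1 5.9.1 6.0.1 "
    "6.1.2 6.2.2 6.3.4 6.4.3 6.5.1 6.6.2 6.7.1 6.8.2 6.9.1 7.0.2 "
    "7.1.2 7.2.2 7.3.2 7.4.2 7.5.4 7.6.1 7.7.3 7.8.1 7.9.1"
).split()
FIRST_AFFECTED = (5, 1, 0)  # the article dates the flaw to Jetpack 5.1

def parse_version(text):
    """Turn '7.9' or '6.3.4' into a 3-tuple of ints; reject anything else."""
    match = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not match:
        raise ValueError(f"unrecognised Jetpack version: {text!r}")
    return tuple(int(part or 0) for part in match.groups())

# Map each (major, minor) branch to the patched release of that branch.
FIXED_IN_BRANCH = {parse_version(v)[:2]: parse_version(v) for v in PATCHED_RELEASES}

def jetpack_status(version):
    """Classify one installed version against the article's patch list."""
    parsed = parse_version(version)
    if parsed < FIRST_AFFECTED:
        return "predates-5.1"
    fixed = FIXED_IN_BRANCH.get(parsed[:2])
    if fixed is None:
        return "branch-not-listed"  # e.g. newer than 7.9: check upstream notes
    return "patched" if parsed >= fixed else "vulnerable"

def audit(inventory):
    """Return {site: (status, release_to_install_or_None)} for a site->version map."""
    report = {}
    for site, version in inventory.items():
        status = jetpack_status(version)
        fixed = FIXED_IN_BRANCH.get(parse_version(version)[:2])
        target = ".".join(map(str, fixed)) if status == "vulnerable" else None
        report[site] = (status, target)
    return report

# Constructed inventory with hypothetical site names, for illustration only.
SAMPLE = {"blog.example": "7.9", "shop.example": "6.3.4",
          "legacy.example": "4.9.2", "new.example": "8.0"}

if __name__ == "__main__":
    for site, (status, target) in audit(SAMPLE).items():
        print(f"{site:16} {status:18} {'update to ' + target if target else ''}")
```

The per-branch target is the minimum fix for sites that cannot move off their current branch; the article's recommended upgrade remains 7.9.1.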
(SecurityAffairs – WordPress, hacking)