News

5 Million WordPress Sites Forced to Update for Jetpack Plugin

Photo of Daniel Zimmermann Daniel ZimmermannJune 2, 2023
0 92 1 minute read

The Automattic developers and the WordPress security team are deploying a forced security update to millions of sites with the Jetpack plugin installed.

The patch fixes a critical vulnerability in the plugin.

Let me remind you that we also wrote that 1.2 million WordPress site owners were affected by the GoDaddy data breach, and information security specialists also reported that Hackers Scanned 1.6 Million WordPress Sites Looking for a Vulnerable Plugin.

With nearly 5 million installations, Jetpack provides users with free security, performance, and site management features, including brute-force protection, backup, secure login, and malware scanning. Automattic itself created and maintained the plugin.

During an internal security audit, we identified a vulnerability in the API available in Jetpack since version 2.0 released in 2012. This vulnerability could be exploited by site authors to manipulate any files in WordPress.say the developers.

The patch was included in Jetpack 12.1.1 and this version was automatically distributed to all WordPress sites using the plugin. According to official statistics, the rollout of the update has already been successfully completed, and most sites are now automatically updated to the latest secure version.

Automattic engineers warn that although no signs of exploitation of the vulnerability have been found, attackers are likely to learn the details of the problem soon and create exploits to attack unpatched sites.

Please update your version of Jetpack as soon as possible to keep your resource safe. To help you through this process, we have worked closely with the WordPress.org security team to release fixes for every version of Jetpack since 2.0. Most of the sites have already been or will be automatically updated to a secure version in the near future.the official message reads.
By the way, this is not the first time there have been problems with this plugin, for example, we reported that WordPress developers forcibly update Jetpack plugin on 5 million sites.
Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Tags
Photo of Daniel Zimmermann Daniel ZimmermannJune 2, 2023
0 92 1 minute read
Photo of Daniel Zimmermann

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

hackers attacked thousands of websites

Hackers Attacked Thousands of Asian Websites and Redirected Users to Adult Websites

March 20, 2023

Firefox 66.0 Release – 5 critical vulnerabilities fixed!

March 20, 2019
LinkedIn denies data leak

LinkedIn denies data leak of 500 million users

April 13, 2021
HackerOne employee blackmailed customers

HackerOne Employee Blackmailed Platform Customers

July 5, 2022

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© Copyright 2024, All Rights Reserved  | Adware.Guru;
Back to top button