News

5 Million WordPress Sites Forced to Update for Jetpack Plugin

The Automattic developers and the WordPress security team are deploying a forced security update to millions of sites with the Jetpack plugin installed.

The patch fixes a critical vulnerability in the plugin.

Let me remind you that we also wrote that 1.2 million WordPress site owners were affected by the GoDaddy data breach, and information security specialists also reported that Hackers Scanned 1.6 Million WordPress Sites Looking for a Vulnerable Plugin.

With nearly 5 million installations, Jetpack provides users with free security, performance, and site management features, including brute-force protection, backup, secure login, and malware scanning. Automattic itself created and maintained the plugin.

During an internal security audit, we identified a vulnerability in the API available in Jetpack since version 2.0 released in 2012. This vulnerability could be exploited by site authors to manipulate any files in WordPress.say the developers.

The patch was included in Jetpack 12.1.1 and this version was automatically distributed to all WordPress sites using the plugin. According to official statistics, the rollout of the update has already been successfully completed, and most sites are now automatically updated to the latest secure version.

Automattic engineers warn that although no signs of exploitation of the vulnerability have been found, attackers are likely to learn the details of the problem soon and create exploits to attack unpatched sites.

Please update your version of Jetpack as soon as possible to keep your resource safe. To help you through this process, we have worked closely with the WordPress.org security team to release fixes for every version of Jetpack since 2.0. Most of the sites have already been or will be automatically updated to a secure version in the near future.the official message reads.
By the way, this is not the first time there have been problems with this plugin, for example, we reported that WordPress developers forcibly update Jetpack plugin on 5 million sites.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove Kurlibat.xyz pop-up ads (Virus Removal Guide)

Kurlibat.xyz is a site that tries to trick you into clik to its browser notifications…

9 hours ago

Remove Initiateintenselyrenewedthe-file.top pop-up ads (Virus Removal Guide)

Initiateintenselyrenewedthe-file.top is a domain that tries to trick you into clik to its browser notifications…

9 hours ago

Remove Wotigorn.xyz pop-up ads (Virus Removal Guide)

Wotigorn.xyz is a site that tries to force you into subscribing to its browser notifications…

9 hours ago

Remove Initiateintenselyprogressivethe-file.top pop-up ads (Virus Removal Guide)

Initiateintenselyprogressivethe-file.top is a domain that tries to force you into clik to its browser notifications…

9 hours ago

Remove Nuesobatoxylors.co.in pop-up ads (Virus Removal Guide)

Nuesobatoxylors.co.in is a domain that tries to trick you into subscribing to its browser notifications…

13 hours ago

Remove Helistym.xyz pop-up ads (Virus Removal Guide)

Helistym.xyz is a site that tries to force you into clik to its browser notifications…

13 hours ago