Developers fixed critical vulnerability in popular Jetpack WordPress plugin

The developers of the popular Jetpack plugin for WordPress have fixed a critical vulnerability that was introduced in July 2017 with the release of the 5.1 branch.

Site administrators are encouraged to update the extension to the current build as soon as possible.

“We found a vulnerability in the way Jetpack processed embed code that has existed since Jetpack 5.1, released in July 2017. Thank you to Adham Sadaqah for disclosing this issue to us in a responsible manner,” report the Jetpack plugin developers.

The open-source Jetpack project is designed to facilitate site management, as well as improve its security and performance. The plugin contains a set of tools to speed up the site, optimize settings, adapt to the desired profile, monitor changes, create backups and provide basic protection against Internet threats.


Additionally, Jetpack is a security solution designed to protect sites from hacking, unauthorized entry and so on. Basic protection is provided free of charge, and additional features are available for a fee.

The details about this vulnerability are still scarce. It is only known that it is associated with the processing of WordPress shortcodes that allow you to dynamically load specified HTML objects from the backend server onto pages.

“We have no evidence that this vulnerability has been exploited in the wild. However, now that the update has been released, it is only a matter of time before someone tries to take advantage of this vulnerability,” the Jetpack plugin developers say.

The vulnerability affects Jetpack branches 5.1 to 7.9 (the newest). The patch is included in build 7.9.1. The developers, together with the WordPress.org information security team, have prepared updates for the other affected branches and are already distributing them automatically to sites.

The installed plugin can also be updated through the admin panel, or the corrected version can be downloaded manually from the corresponding page of the WordPress.org plugin catalog.
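
For administrators with many sites, the version range above can be turned into a quick triage check. The following is an added example, not code from Jetpack or from the original article; the plugin path assumes a default WordPress layout, the function names are hypothetical, and the sample header is constructed.

```python
import re
from pathlib import Path

# Version bounds taken from the article: introduced in 5.1, fixed in 7.9.1.
FIRST_AFFECTED = (5, 1)
FIXED_IN_CURRENT_BRANCH = (7, 9, 1)

# Matches a "Version:" line in a WordPress plugin header comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)

def parse_version(text):
    """'7.9' -> (7, 9, 0); '7.9.1' -> (7, 9, 1)."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in m.group(0).split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def triage(version):
    v = parse_version(version)
    if v >= FIXED_IN_CURRENT_BRANCH:
        return "patched"
    if v[:2] < FIRST_AFFECTED:
        return "predates-5.1"
    # Inside 5.1-7.9. The article says fixed builds exist for older branches
    # but does not list their numbers, so verify or update to 7.9.1 or later.
    return "affected-branch"

def version_from_header(php_source):
    m = HEADER_RE.search(php_source)
    return m.group(1) if m else None

def installed_version(wp_root):
    """Assumed default layout: <root>/wp-content/plugins/jetpack/jetpack.php."""
    main_file = Path(wp_root) / "wp-content" / "plugins" / "jetpack" / "jetpack.php"
    if not main_file.is_file():
        return None
    return version_from_header(main_file.read_text(errors="replace")[:8192])

# Constructed sample header, not copied from a real Jetpack release.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Jetpack (constructed sample)
 * Version: 7.9
 */
"""

if __name__ == "__main__":
    for v in [version_from_header(SAMPLE_HEADER), "4.9.2", "5.1", "6.5", "7.9.1"]:
        print(f"{v:8} {triage(v)}")
```

A result of "affected-branch" means the site needs a closer look: either it runs an unpatched build, or it runs a branch-specific fixed build whose number the article does not give.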

According to WordPress.com statistics, Jetpack currently has over 5 million active installations. About half of these sites use plugin versions below 7.7, and just over 37% use version 7.9. Thanks to automatic updates, the vulnerable extension has been patched on more than 4 million sites.

About James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.
