In the popular Jetpack plugin for WordPress, the developers fixed the critical vulnerability introduced in July 2017 with the release of the 5.1 branch.Site administrators are encouraged to update the extension to the current build as soon as possible.
“We found a vulnerability in the way Jetpack processed embed code that has existed since Jetpack 5.1, released in July 2017. Thank you to Adham Sadaqah for disclosing this issue to us in a responsible manner”, — report Jetpack plugin developers.
The open-source Jetpack project is designed to facilitate site management, as well as improve its security and performance. The plugin contains a set of tools to speed up the site, optimize settings, adapt to the desired profile, monitor changes, create backups and provide basic protection against Internet threats.
Additionally, Jetpack is a security solution designed to protect sites from hacking, unauthorized entry and so on. Moreover, basic protection is provided free of charge, and additional features are already available for a fee.
The details about this vulnerability are still scarce. It is only known that it is associated with the processing of WordPress shortcodes that allow you to dynamically load specified HTML objects from the backend server onto pages.
“We have no evidence that this vulnerability has been exploited in the wild. However, now that the update has been released, it is only a matter of time before someone tries to take advantage of this vulnerability”, — inform Jetpack plugin developers.
Vulnerability affects Jetpack branches 5.1 to 7.9 (newest). The patch is included in build 7.9.1. Develipers together with the WordPress.org information security team, have prepared updates for other affected branches and are already distributing them automatically to sites.
The installed plugin can also be updated through the admin panel or manually downloaded the corrective version by opening the corresponding page of the WordPress.org plugin catalog.
User Review( votes)