“We found a vulnerability in the way Jetpack processed embed code that has existed since Jetpack 5.1, released in July 2017. Thank you to Adham Sadaqah for disclosing this issue to us in a responsible manner,” report the Jetpack plugin developers.
The open-source Jetpack project is designed to facilitate site management, as well as improve its security and performance. The plugin contains a set of tools to speed up the site, optimize settings, adapt to the desired profile, monitor changes, create backups and provide basic protection against Internet threats.
Additionally, Jetpack is a security solution designed to protect sites from hacking, unauthorized entry and so on. Basic protection is provided free of charge, while additional features are available for a fee.
The details about this vulnerability are still scarce. It is only known that it is associated with the processing of WordPress shortcodes that allow you to dynamically load specified HTML objects from the backend server onto pages.
“We have no evidence that this vulnerability has been exploited in the wild. However, now that the update has been released, it is only a matter of time before someone tries to take advantage of this vulnerability,” state the Jetpack plugin developers.
The vulnerability affects Jetpack branches 5.1 to 7.9 (the newest). The patch is included in build 7.9.1. The developers, together with the WordPress.org information security team, have prepared updates for the other affected branches and are already distributing them automatically to sites.
An installed plugin can also be updated through the admin panel, or the corrected version can be downloaded manually from the corresponding page of the WordPress.org plugin catalog.