WordPress Jetpack Critical Vulnerability, Update now

Internet security this week has taken a hammering with HeartBleed and now critical vulnerability has been discovered in Jetpack  which is probably the most used plugin for WordPress.

If you are using Jetpack in your WordPress site, please make sure you update it straight away to version 2.9.3

Here is the information from the Jetpack blog

During an internal security audit, we found a bug that allows an attacker to bypass a site’s access controls and publish posts. This vulnerability could be combined with other attacks to escalate access. This bug has existed since Jetpack 1.9, released in October 2012.

Fortunately, we have no evidence of this being used in the wild. However, now that this update is public, it’s just a matter of time before exploits occur. To avoid a breach, you should update your site as soon as possible.

This is a bad bug, and Jetpack is one of the most widely used plugins in the WordPress world. We have been working closely with the WordPress security team, which has pushed updates to every version of the plugin since 1.9 through core’s auto-update system. We have also coordinated with a number of hosts and network providers to install network-wide blocks to mitigate the impact of this vulnerability, but the only sure fix is updating the plugin.

Related posts ...
WordPress 5.2 has just dropped :). This is a major security release for WordPress and
While WordPress 3.9 is just around the corner and releasing next week (fingers crossed), A
Great to see a security update for WordPress 3.5.2 WordPress 3.5.2 Maintenance and Security Release.
The next Release for the most used CMS in the world WordPress is almost at

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>