Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Sponsored By
Jetpack WordPress Plug-in API Bug Triggers Mass UpdatesJetpack WordPress Plug-in API Bug Triggers Mass Updates
An audit uncovers an API-related security vulnerability dating back to Jetpack version 2.0 released in 2012 — and it affects millions of websites.
Dark Reading Staff
June 1, 2023
1 Min Read
Source: Jeff Gilbert via Alamy Stock Photo
Jetpack, a WordPress plug-in for boosting website security and speed has issued a critical update following a routine audit that turned up a security vulnerability in its API.
Jetpack issued an advisory this week, noting, "This vulnerability could be used by authors on a site to manipulate any files in the WordPress installation."
The WordPress plug-in has been downloaded more than 5 million times, and according to Jetpack's security update, has included the critical API flaw since its 2.0 version was released back in 2012.
The most up-to-date version is Jetpack 12.1.1.
Jetpack added that there is no evidence the API bug has been exploited in the wild, but it's pushing patches out to millions of affected websites, in the form of 102 new versions.
"To help you in this process, we have worked closely with the WordPress.org Security Team to release patched versions of every version of Jetpack since 2.0," the update said. "Most websites have been or will soon be automatically updated to a secured version."
About the Author(s)
You May Also Like
More Insights
Webinars
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods
Oct 26, 2023Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
Nov 06, 2023How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023SecOps & DevSecOps in the Cloud
Nov 06, 2023
Events
