Jetpack, a WordPress plug-in for boosting website security and speed has issued a critical update following a routine audit that turned up a security vulnerability in its API.
Jetpack issued an advisory this week, noting, "This vulnerability could be used by authors on a site to manipulate any files in the WordPress installation."
The most up-to-date version is Jetpack 12.1.1.
Jetpack added that there is no evidence the API bug has been exploited in the wild, but it's pushing patches out to millions of affected websites, in the form of 102 new versions.
"To help you in this process, we have worked closely with the WordPress.org Security Team to release patched versions of every version of Jetpack since 2.0," the update said. "Most websites have been or will soon be automatically updated to a secured version."