Security News > 2023 > May > WordPress force installs critical Jetpack patch on 5 million sites
Automattic, the company behind the open-source WordPress content management system, has started force installing a security patch on millions of websites today to address a critical vulnerability in the Jetpack WordPress plug-in.
According to the official WordPress plug-in repository, the plug-in is maintained by Automattic, and it now has over 5 million active installations.
Jetpack 12.1.1, the security patch currently automatically rolling out to all WordPress websites using the plug-in, started rolling out today and has already been installed on more than 4,130,000 sites using every version of Jetpack since 2.0.
"Please update your version of Jetpack as soon as possible to ensure the security of your site. To help you in this process, we have worked closely with the WordPress.org Security Team to release patched versions of every version of Jetpack since 2.0. Most websites have been or will soon be automatically updated to a secured version."
This is not the first time Automattic has used automated deployment of security updates to patch critical issues in WordPress plug-ins or installations.
WordPress developer Samuel Wood said in October 2020 that Automattic has used this approach to push "Security releases for plug-ins many times" since WordPress 3.7 was released.
News URL
Related news
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)