Security News > 2023 > May > WordPress force installs critical Jetpack patch on 5 million sites
Automattic, the company behind the open-source WordPress content management system, has started force installing a security patch on millions of websites today to address a critical vulnerability in the Jetpack WordPress plug-in.
According to the official WordPress plug-in repository, the plug-in is maintained by Automattic, and it now has over 5 million active installations.
Jetpack 12.1.1, the security patch currently automatically rolling out to all WordPress websites using the plug-in, started rolling out today and has already been installed on more than 4,130,000 sites using every version of Jetpack since 2.0.
"Please update your version of Jetpack as soon as possible to ensure the security of your site. To help you in this process, we have worked closely with the WordPress.org Security Team to release patched versions of every version of Jetpack since 2.0. Most websites have been or will soon be automatically updated to a secured version."
This is not the first time Automattic has used automated deployment of security updates to patch critical issues in WordPress plug-ins or installations.
WordPress developer Samuel Wood said in October 2020 that Automattic has used this approach to push "Security releases for plug-ins many times" since WordPress 3.7 was released.
News URL
Related news
- Progress urges admins to patch critical WhatsUp Gold bugs ASAP (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Jetpack fixes critical information disclosure flaw existing since 2016 (source)
- WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites (source)
- Jetpack fixes 8-year-old flaw affecting millions of WordPress sites (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)