WordPress force installs critical Jetpack patch on 5 million sites
Automattic, the company behind the open-source WordPress content management system, has started force installing a security patch on millions of websites today to address a critical vulnerability in the Jetpack WordPress plug-in.
According to the official WordPress plug-in repository, the plug-in is maintained by Automattic, and it now has over 5 million active installations.
Jetpack 12.1.1, the security patch now being pushed automatically to all WordPress websites using the plug-in, started rolling out today and has already been installed on more than 4,130,000 sites using every version of Jetpack since 2.0.
"Please update your version of Jetpack as soon as possible to ensure the security of your site. To help you in this process, we have worked closely with the WordPress.org Security Team to release patched versions of every version of Jetpack since 2.0. Most websites have been or will soon be automatically updated to a secured version."
This is not the first time Automattic has used automated deployment of security updates to patch critical issues in WordPress plug-ins or installations.
WordPress developer Samuel Wood said in October 2020 that Automattic has used this approach to push "Security releases for plug-ins many times" since WordPress 3.7 was released.