Security News > 2023 > June > Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites
WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that's installed on over five million sites.
The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0, which was released in November 2012.
"This vulnerability could be used by authors on a site to manipulate any files in the WordPress installation," Jetpack said in an advisory.
102 new versions of Jetpack have been released to remediate the bug.
While there is no evidence the issue has been exploited in the wild, it's not uncommon for flaws in popular WordPress plugins to be leveraged by threat actors looking to take over the sites for malicious ends.
In November 2019, Jetpack released version 7.9.1 to fix a defect in the way the plugin handled embed code that had existed since July 2017.
News URL
https://thehackernews.com/2023/06/urgent-wordpress-update-fixes-critical.html
Related news
- Jetpack fixes critical information disclosure flaw existing since 2016 (source)
- WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites (source)
- Jetpack fixes 8-year-old flaw affecting millions of WordPress sites (source)
- Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites (source)