Popular WordPress Plugin Releases Security Update After a Critical Flaw Discovered
Jetpack, a popular WordPress site optimization plugin, addressed a decade-old vulnerability that leveraged users’ sensitive information. Thousands of WordPress websites were suspected to be under threat.
Jetpack is a WordPress toolkit that helps create better content and provides security, performance, and growth tools. It includes various WordPress plugins, such as Jetpack Boost, Jetpack Protect, Jetpack Search, Jetpack Social, Jetpack VideoPress, Jetpack VaultPress Backup, Jetpack CRM, and Jetpack Akismet Anti-Spam.
Jetpack’s maintainers, Automattic, announced yesterday that, after working closely with the WordPress security team, they discovered a vulnerability during an internal audit and released fixes for all vulnerable versions. The vulnerability is said to have been present in the Contact Form feature since 2016.
Well, this is not something that’s happened for the first time. A similar issue regarding security concerns came to light in a report submitted last year and earlier this year. “Jetpack, a viral WordPress plugin that provides a variety of functions including security features for around five million websites, has received a critical security update following the discovery of a bug that has lurked unnoticed since 2012,” stated Graham Cluley, a cybercrime researcher, and blogger.
The company has said the vulnerability has not been used in malicious attacks. But now that the issue has been made public, there is a possibility that cybercriminals may tamper with the information. Though the users are urged to update to the latest version of the plugin, the concern remains.
“We have no evidence that this vulnerability has been exploited in the wild. However, now that the update has been released, someone may try to take advantage of it,” Jetpack engineer Jeremy Herve said. “We apologize for any extra workload this may put on your shoulders today. We will regularly audit all aspects of our codebase to ensure that your Jetpack site remains safe.”
Jetpack released a complete list of 101 different versions of Jetpack on Tuesday. It ensures its users that their website is not vulnerable and has been automatically updated to a secure version.
Some developers have expressed concerns that they could clash with Mullenweg and WordPress, which has been open-source and free since its creation in 2003. With the culprits still unidentified, a possible threat remains to Jetpack clients.
