Decade-old critical vulnerability in Jetpack patched on hundreds of thousands of WordPress websites


Jetpack, an extremely popular WordPress plugin that provides a variety of functions, including security features, for around 5 million websites, has received a critical security update following the discovery of a bug that has lurked unnoticed since 2012.

Jetpack’s maintainers, Automattic, announced on Tuesday that it had worked closely with the WordPress security team to push out an automatic patch for every version of Jetpack since 2.0.

The security hole is in Jetpack’s API and has been present since version 2.0 was released over a decade ago, in 2012.

The vulnerability, which could allow authors on a site to manipulate any files in a WordPress installation, was found during an internal security audit.

If exploited, the flaw could have allowed a malicious hacker to change content on a website, which could have compromised the security of other users and site visitors.

The good news is that Automattic says it has not seen any evidence that the vulnerability has been used in malicious attacks. However, that’s far from a guarantee that the security hole has not been exploited.

If anything, now that the problem has been made public, there may be more determined attempts by cybercriminals to exploit the flaw, underlining the importance for all vulnerable WordPress-powered websites of ensuring that they’re running a secure version of Jetpack.

Fortunately, WordPress has in place a fairly robust system of automatically pushing out critical security updates in situations like this, and almost all at-risk WordPress-powered websites are likely to have already been automatically updated to a secure version of the Jetpack plugin.

Jetpack, just like WordPress, is open source. That means that anyone can check the source code, and it’s often claimed that one of the benefits of open source is that this makes it more likely that security holes will be found.

And yet this security vulnerability went unnoticed for over ten years.

Just because anyone can check open source code for critical security vulnerabilities, it doesn’t necessarily mean anyone is.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire.
