Open-source CMS WordPress is proactively installing a fix to millions of websites to address a vulnerability discovered using multi-purpose plugin Jetpack.

Automattic, the company behind open source Content Management System WordPress proactively fixes a vulnerability in Jetpack. This is a multifunctional plug-in that, in addition to managing website improvements, Jetpack also has a whole range of security features (back up, scan for malware, secure logins,…). It is monitored by Automattic itself and is now active on more than five million websites.

problem solved quickly

According to engineer Jeremy Herve, an internal audit has discovered a vulnerability in Jetpack’s API. It could be exploited to manipulate data on WordPress sites.

Meanwhile, the Jetpack 12.1.1 solution is automatically installed on WordPress websites that use the plugin. More than four million websites – the most vulnerable sites – have already received the upgrade, with the rest to follow soon.

No (big) worries

Herve emphasized that there is no evidence that the vulnerability was actually used for attacks. Now that the update has been released, there is a risk that malicious people will focus on the websites that Jetpack 12.1.1 hasn’t received yet. Therefore Jeremy Herve demands to install the update as soon as possible.

He also pointed out that since its release in 2012, his team has been working closely with WordPress to install updated versions of this version of Jetpack. Therefore, most websites have an up-to-date version now or soon.

This is the second WordPress security issue in a short period of time; A few weeks ago there was also a vulnerability in the Elementor plugin. And in September of last year, not too long ago, it was the WPGateway plugin that caused a similar headache.