TechRadar
Sead Fadilpašić

This top WordPress plugin has a major security flaw potentially affecting millions of sites


Jetpack, one of the most widely installed WordPress plugins, reportedly carried a serious vulnerability for years: any logged-in user on a site could read the contact-form submissions that visitors had sent to that site.

Automattic, the company that maintains the plugin, found the vulnerability during a recent internal audit and released fixes for every affected version. Site owners are advised to apply the update immediately: there is no workaround, and now that the flaw is public, attackers will probably try to exploit it.

In a security advisory published together with the patches, Automattic said the vulnerability allowed, “any logged in users on a site to read forms submitted by visitors on the site."


Multiple versions are affected, the earliest dating back to 2016. "During an internal security audit, we found a vulnerability with the Contact Form feature in Jetpack ever since version 3.9.9, released in 2016," Automattic said.

In total, 101 versions are affected - you can find the entire list here.

The company also said there is, so far, no evidence that the flaw was discovered or abused by malicious actors in the past. However, now that the cat is out of the bag, it is only a matter of time before miscreants start scanning for vulnerable WordPress sites, so applying the patch is paramount. There is no workaround. Since WordPress can update plugins automatically, site owners should first check whether the update has already been applied rather than assuming it has.
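One way to do that check on a server where you can read the plugin files is to parse the version line from the plugin header and compare it against the releases the advisory lists. The script below is an added example, not code from TechRadar or Automattic. The plugin header format (a `Version:` line in the main plugin file) is a WordPress convention; the sample header is constructed for this example, and the fixed-version list is a placeholder you must fill in from Automattic's advisory, since this article does not reproduce it. With an empty list the script errs on the side of "update required" for anything in the affected range.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Constructed sample of a WordPress plugin header, in the shape found at the
# top of wp-content/plugins/jetpack/jetpack.php. The version value is chosen
# for this example; read the real header from your own install.
SAMPLE_HEADER = """<?php
/*
 * Plugin Name: Jetpack
 * Plugin URI: https://jetpack.com
 * Version: 3.9.9
 */
"""

# Earliest affected release, as stated in Automattic's advisory.
FIRST_AFFECTED = "3.9.9"

# Assumed placeholder: populate from the advisory's list of fixed releases.
# The article does not list them, so nothing is hard-coded here.
FIXED_VERSIONS_PLACEHOLDER: List[str] = []


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '13.9.1' into (13, 9, 1), padding so that '13.9' == '13.9.0'."""
    parts = tuple(int(p) for p in re.findall(r"\d+", v))
    return parts + (0,) * (3 - len(parts))


def read_plugin_version(header_text: str) -> Optional[str]:
    """Extract the value of the 'Version:' line from a plugin header."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", header_text, re.M)
    return m.group(1) if m else None


def assess(installed: str, fixed_versions: Iterable[str]) -> str:
    """Classify an installed Jetpack version against the advisory.

    Returns one of:
      'outside-advisory-range' - older than the first affected release
      'patched'                - exactly a fixed release, or newer than the
                                 newest fixed release (assumed to carry the fix)
      'update-required'        - in the affected range and not known fixed
    """
    inst = parse_version(installed)
    fixed = sorted(parse_version(f) for f in fixed_versions)
    if inst < parse_version(FIRST_AFFECTED):
        return "outside-advisory-range"
    if inst in fixed:
        return "patched"
    if fixed and inst > fixed[-1]:
        return "patched"
    return "update-required"


if __name__ == "__main__":
    # Replace SAMPLE_HEADER with open(".../jetpack/jetpack.php").read()
    # and FIXED_VERSIONS_PLACEHOLDER with the advisory's list.
    version = read_plugin_version(SAMPLE_HEADER)
    print(version, assess(version, FIXED_VERSIONS_PLACEHOLDER))
```

Run it against the real `jetpack.php` on each site you manage; a result of `update-required` means the auto-updater did not pick up the fix and you should update by hand.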

The technical details of the flaw will be released once Automattic determines that the majority of users migrated to the fixed version.

Jetpack for WordPress is a multifunctional plugin that enhances website performance, security, and management. It comes with tools for SEO, social media integration, and e-commerce support, helping its users optimize the sites for user experience and visibility. The plugin also comes with customizable themes and advanced search features.

Via BleepingComputer
