Vulnerability in Jetpack Plugin Puts Millions of WordPress Websites At Risk

Jetpack vulnerability

Millions of WordPress websites are again at risk due to a vulnerability found in a popular WordPress plugin, JetPack. Jetpack is a popular plugin which offers various optimizations and security features to a WordPress site. This plugin was developed by Automattic, the company behind the WordPress.

Also read: Best WordPress Tutorials

Security researchers at Sucuri found a stored XSS vulnerability in this plugin earlier this month. They reported this vulnerability to Automattic which fixed and pushed a new security update of the plugin. The company also confirmed that this vulnerability existed since Jetpack 2.0, released in November 2012

If you use Jetpack plugin, you can see a new update available in your plugins section. If you have not updated your plugin, you should do it now to avoid any risk.

Good thing is that company has pushed updates for all the vulnerable versions. In case you have not updated your plugin due to some personal reason and do not want to upgrade to latest version, you can download your version of this plugin with this security update. All these versions can be found here.

This security bug was found in the Shortcode Embeds Jetpack module. If you are not using this jetpack module, you are safe. This vulnerability allows attackers to exploit it by leaving a comment containing a carefully positioned shortcode to inject malicious Javascript code on the vulnerable website. If you want to read the technical details, you can read the full disclosure.

XSS vulnerability can be used to hijack accounts, inject spams on pages and redirect visitors to other malicious websites. All these can ruin your website’s reputation.

Source: Sucuri | Jetpack

Share this article
Shareable URL
Prev Post

Sony Xperia X and Xperia XA launched in India for Rs. 48990 and Rs. 20990

Next Post

Finally Redmi Note 3 And Mi 5 to Be On Open Sale Starting June 1

Leave a Reply
Read next
Subscribe to our newsletter
Get notified of the best deals on our WordPress themes.
0
Share