WordPress has pushed an automatic update to address a critical flaw in the popular Jetpack plugin. The flaw could allow an attacker to manipulate any file in the WordPress installation. It lies in an API that has been present in the plugin since version 2.0 and was found during an internal security audit. Jetpack 12.1.1, which contains the security patch, is currently rolling out automatically to all WordPress websites.
“During an internal security audit, we found a vulnerability with the API available in Jetpack since version 2.0, released in 2012,” Automattic Developer Relations Engineer Jeremy Herve said.
There is no evidence that the vulnerability has been exploited in the wild, but it is still advisable to enhance the security of your website. You should also install a good security plugin like Wordfence.
Jetpack is a popular WordPress plugin with more than five million active installations. The plugin offers several notable features, such as a photo CDN, security features, automated backups, and more. It is worth noting that version 2.0 was released back in 2012, so the vulnerability has been there for more than 10 years.
This is not the first time Automattic has pushed an automatic update to fix security issues. There have been several instances when Automattic force-installed automatic updates to protect websites.







