Millions of Sites Exposed by Flaw in Jetpack WordPress Plugin



Admins and owners of WordPress websites are urged to immediately apply the Jetpack 7.9.1 critical security update to prevent potential attacks that could abuse a vulnerability that has existed since Jetpack 5.1.


You can update your installation to the 7.9.1 version through your dashboard, or manually download the Jetpack 7.9.1 release here.


Jetpack is an extremely popular WordPress plugin that provides free security, performance, and site management features including site backups, secure logins, malware scanning, and brute-force attack protection.


The plugin has over 5 million active installations; it was developed and is currently maintained by Automattic, the company behind WordPress.


Not yet exploited in the wild


The vulnerability was found in the way Jetpack processed embed code, and Adham Sadaqah is credited with responsibly disclosing the security issue.


Few details about the security flaw were disclosed, to protect the sites that haven't yet updated, but the announcement made by Jetpack says that the bug impacts all versions starting with the 5.1 release, going back as far as July 2017.


The Jetpack developers state that, up to the release of the critical Jetpack 7.9.1 security update, no evidence was found that the vulnerability had been exploited in the wild.



Figure: Active Jetpack versions

"However, now that the update has been released, it is only a matter of time before someone tries to take advantage of this vulnerability," the developers warn.


The development team also says that they worked with the WordPress.org Security Team to release patches for every version of Jetpack since 5.1 and that "most websites have been or will soo ..
