Automattic Closes Eight-Year Gap in Jetpack Plugin

The old code almost caused a disaster for the WordPress community.

The developers of the Jetpack WordPress plugin have released a security update to address a critical vulnerability that allowed any logged-in user of a site to read contact-form submissions made by other visitors.

Jetpack, owned by Automattic, provides a comprehensive set of tools to improve website security and performance. According to the plugin site, it is used on 27 million WordPress sites.

The vulnerability was discovered in Jetpack's Contact Form feature during an internal security audit. It has existed since version 3.9.9, released in 2016. The flaw allowed any logged-in user on a site to view data that visitors had submitted through forms on that site.

Jetpack spokesman Jérémie Hervé noted that the developers worked closely with the WordPress.org security team to automatically update the plugin to a secure version on all installed sites. The fix was backported to 101 Jetpack releases, from 13.9.1 all the way back to 3.9.10, so that sites on older branches receive a patched version without having to upgrade across major releases. The full list of patched versions was published on the developer's website.

Although there is currently no evidence that the vulnerability was exploited by attackers, the risk of exploitation rises now that it has been publicly disclosed, so site owners should confirm that their installed Jetpack version is one of the patched releases rather than relying solely on the automatic update having run.
