CyberNews Briefs

Millions of Sites Exposed by Flaw in Jetpack WordPress Plugin

WordPress website admins and owners are encouraged to immediately apply the Jetpack 7.9.1 critical security update. Vulnerabilities in Jetpack that could leave websites subject to attack have existed since Jetpack 5.1. Jetpack is a popular WordPress plugin that features security, performance and site management services including malware scanning and brute-force attack prevention. The plugin is currently utilized by 5 million websites and was developed by Automattic, the company that runs WordPress itself.

The vulnerability lies in the way Jetpack processed embed code. Jetpack announced that the bug impacts versions after 5.1 and may have been around since July of 2017. Jetpack developers state that no evidence of the bug was discovered until the release of the latest security update, 7.9.1. Of the 5 million users, 4 million have already updated Jetpack, effectively patching the bug.

Read More: Millions of Sites Exposed by Flaw in Jetpack WordPress Plugin

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.