WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site.
Jetpack is a popular WordPress plugin by Automattic that provides tools to enhance website functionality, security, and performance. According to the vendor, the plugin is installed on 27 million websites.
The issue was discovered during an internal audit and impacts all Jetpack versions since 3.9.9, released in 2016.
Jetpack says there is no evidence that malicious actors exploited the flaw in its eight years of existence, but it advises users to upgrade to a patched release as soon as possible.
“We have no evidence that this vulnerability has been exploited in the wild. However, now that the update has been released, it is possible that someone will try to take advantage of this vulnerability,” warned Jetpack.
Note that there are no mitigations or workarounds for this flaw, so applying the available updates is the only recommended solution.
Technical details about the flaw and how it can be exploited have been withheld for now to allow users some time to apply the security updates.