Vulnerability in Jetpack – Affects 27 Million WordPress Sites

WordPress plugin Jetpack has a major vulnerability that could allow attackers to take over websites.

• The vulnerability affects 27 million WordPress sites.
• Jetpack has released a security update to fix the vulnerability.
• It is recommended that all Jetpack users update to the latest version as soon as possible.

During an internal security audit, we found a vulnerability with the Contact Form feature in Jetpack ever since version 3.9.9, released in 2016. This vulnerability could be used by any logged in users on a site to read forms submitted by visitors on the site.

What is Jetpack?

Jetpack is a suite of WordPress plugins that offers a variety of features, including:

• Security: Jetpack includes security features such as brute force protection, malware scanning, and DDoS protection.
• Performance: Jetpack can help improve website performance by caching content and optimizing images.
• Marketing: Jetpack offers marketing features such as social media integration, SEO tools, and email marketing.
• Design: Jetpack includes design tools such as custom CSS and themes.

How does Jetpack work?

Jetpack works by connecting your WordPress website to the Jetpack servers. This allows Jetpack to provide features and services that would be difficult or impossible to implement on your own.

Jetpack security

Jetpack is generally considered to be a secure plugin. However, like any software, it is possible for vulnerabilities to be discovered. It is important to keep Jetpack updated to the latest version to ensure that you are protected from any known vulnerabilities.

Additional tips for Jetpack security:

• Use a strong password for your WordPress admin account.
• Keep your WordPress software and plugins up to date.
• Use a security plugin in addition to Jetpack.
• Back up your WordPress website regularly.