Attention WordPress administrators! Update your websites to the latest Jetpack release, which fixes a newly disclosed critical vulnerability. Although there have been no reported instances of active exploitation, patching your sites as a precautionary measure is highly recommended.
Jetpack Plugin Vulnerability Exposes Submitted Forms on WordPress Websites
According to a recent advisory from the Jetpack plugin team, a significant security flaw had been present in the plugin for several years. The flaw could allow authenticated attackers to access sensitive site data.
The vulnerability specifically affected the plugin’s “Contact Form” feature, enabling authenticated attackers to view forms submitted by other users on the site. This posed a serious security risk for both the website and its users.
Surprisingly, this vulnerability went undetected for years, dating back to the release of the Contact Forms feature in version 3.9.9 in 2016. This means that the threat persisted for 8 years, potentially putting millions of websites at risk.
Fortunately, no active exploitation attempts have been reported for this vulnerability. However, now that the details are public, it is imperative for all users to update their Jetpack plugin to the latest release. The advisory provides a list of all versions containing the fix for user convenience.
Here is a comprehensive list of the 101 different versions of Jetpack that have been released today:
[List of versions]
This is not the first time Jetpack has addressed long-standing vulnerabilities. In June 2023, the team patched another vulnerability that had been present since 2012, allowing authenticated attackers with author roles to manipulate WordPress installation files. This vulnerability went unnoticed by threat actors for around 11 years until it was discovered during an internal audit.