Huge WordPress Jetpack Exploit Discovered – Update to v2.9.3

Posted on Apr 10, 2014 in Computer Security, Web Development and SEO

Jetpack has released a new version of its WordPress plugin today: version 2.9.3. This plugs a newly discovered, massive vulnerability that had been present since v1.9! Jetpack have recommended that all WordPress websites running Jetpack update their plugin immediately. Visit WordPress.org to download Jetpack manually, or update via your WordPress admin panel as normal. GiraffeDog has updated 43 websites that were running it tonight. Is your host this pro-active?

WordPress Plugin Jetpack Exploit

This Jetpack vulnerability was found while Jetpack were undertaking an internal security audit. It allows an attacker to bypass a WordPress website’s security and publish posts. An attacker could also combine this newly discovered vulnerability with another attack to gain escalated access to your WordPress blog or website. Jetpack have said that this previously unknown flaw has been present in their code since Jetpack version 1.9, which was released back in October 2012!

Newly Discovered?

There has been no evidence that this newly discovered zero-day attack vector has been used to gain access to WordPress websites in the wild, but now that this Jetpack flaw is public knowledge, it is just a matter of time before scripted exploits are developed. To avoid getting caught out, simply update the Jetpack plugin on your WordPress site as soon as possible!

Jetpack is a widely used WordPress plugin, and its developers have been working quite closely with developers at WordPress. Jetpack have pushed updates to every version of the plugin since 1.9 through WordPress core’s auto-update system.

What Have Jetpack Done to Mitigate this Newly Discovered WordPress Exploit?

Jetpack have also taken proactive steps to work directly with a large number of web hosts to install network-wide blocks that mitigate the impact of this WordPress vulnerability and help prevent attacks. This shouldn’t, however, make you complacent and stop you updating your site plugins!

Customers on our WordPress cloud hosting platform were all updated today and will not be affected by this update.
