April 16, 2014

Running a WordPress blog? Update Jetpack Plugin!


If you are running a WordPress blog, it’s very likely that you’ve also enabled the popular plugin from Jetpack. A few days ago, Jetpack has announced a Critical Security Update for sites running their plugin. Any site with a Jetpack Plugin version number after 1.9 and up to 2.9.3 (which fixes the security hole) should update their installation.

“During an internal security audit, we found a bug that allows an attacker to bypass a site’s access controls and publish posts. This vulnerability could be combined with other attacks to escalate access. This bug has existed since Jetpack 1.9, released in October 2012.”


UPDATE (2015-04-27): The latest version of the Jetpack Plugin is now V. 3.5. See: https://wordpress.org/plugins/jetpack/