April 16, 2014

Running a WordPress blog? Update Jetpack Plugin!

https://i1.wp.com/s1.wp.com/wp-content/themes/a8c/jetpackme/images2012/logo.png?w=584

If you are running a WordPress blog, it’s very likely that you’ve also enabled the popular plugin from Jetpack. A few days ago, Jetpack has announced a Critical Security Update for sites running their plugin. Any site with a Jetpack Plugin version number after 1.9 and up to 2.9.3 (which fixes the security hole) should update their installation.

“During an internal security audit, we found a bug that allows an attacker to bypass a site’s access controls and publish posts. This vulnerability could be combined with other attacks to escalate access. This bug has existed since Jetpack 1.9, released in October 2012.”

http://jetpack.me/2014/04/10/jetpack-security-update/

UPDATE (2015-04-27): The latest version of the Jetpack Plugin is now V. 3.5. See: https://wordpress.org/plugins/jetpack/