Description:
A critical security update has been released for the WordPress Jetpack plugin to address a vulnerability that allowed authenticated users to access forms submitted by other visitors.
Jetpack, developed by Automattic, is a popular plugin that enhances the functionality, security, and performance of WordPress websites. During an internal security audit, a vulnerability was discovered in Jetpack’s contact form feature, affecting versions since 3.9.9 (released in 2016). This vulnerability could have allowed any logged-in user to read forms submitted by other visitors.
Although there is no evidence that this vulnerability has been exploited, the release of the update increases the risk that someone may try to take advantage of it. To mitigate the impact, Jetpack worked with the WordPress.org plugin team to release patches for all versions since 3.9.9. If you have automatic plugin updates enabled, Jetpack will update automatically, and no further action is required. If auto-updates are not enabled, you will need to update manually. In both cases, check your installed Jetpack version to confirm that the update was applied successfully.