uTalk

Official forum for Utopia Community

#1 2023-06-01 22:34:35

thrive
Member
Registered: 2023-01-04
Posts: 2,575

Critical Flaw in the Jetpack Plugin is Fixed by an Emergency WordPress

An automatic update from WordPress has been released to fix a serious flaw in the Jetpack plugin, which is used by more than five million websites.

The API that is affected by the vulnerability is a part of the plugin since version 2.0, which was released in November 2012. It was discovered during an internal security audit.

In a warning, Jetpack stated that "authors on a site could use this vulnerability to manipulate any files in the WordPress installation." To fix the bug, 102 new versions of Jetpack have been made available.

Although there is no proof that the problem has been used in the wild, threat actors frequently take advantage of vulnerabilities in well-known WordPress plugins to hijack websites and use them for their own evil purposes.

WordPress has been forced to compel the installation of the patches before due to serious security flaws in Jetpack.

Version 7.9.1 of Jetpack was released in November 2019 to address a bug in the plugin's handling of embed code that had existed since July 2017 (version 5.1).

Additionally, the development occurs shortly after Patchstack exposed a security hole in the premium Gravity Forms plugin that could have allowed an unauthorized user to inject PHP code.


WordPress.

It affects all versions starting with 2.7 (CVE-2023-28782). 3.0 and lower. Version 2.7 has a fix for it. On April 11, 2023, version 4 became accessible.

#2 2023-06-02 18:36:28

Comrade
Member
From: Utopia App Client
Registered: 2022-12-30
Posts: 2,385

Re: Critical Flaw in the Jetpack Plugin is Fixed by an Emergency WordPress

thrive;11407 wrote:

https://i.imgur.com/SehTgEx.png
An automatic update from WordPress has been released to fix a serious flaw in the Jetpack plugin, which is used by more than five million websites.

The API that is affected by the vulnerability is a part of the plugin since version 2.0, which was released in November 2012. It was discovered during an internal security audit.

In a warning, Jetpack stated that "authors on a site could use this vulnerability to manipulate any files in the WordPress installation." To fix the bug, 102 new versions of Jetpack have been made available.

Although there is no proof that the problem has been used in the wild, threat actors frequently take advantage of vulnerabilities in well-known WordPress plugins to hijack websites and use them for their own evil purposes.

WordPress has been forced to compel the installation of the patches before due to serious security flaws in Jetpack.

Version 7.9.1 of Jetpack was released in November 2019 to address a bug in the plugin's handling of embed code that had existed since July 2017 (version 5.1).

Additionally, the development occurs shortly after Patchstack exposed a security hole in the premium Gravity Forms plugin that could have allowed an unauthorized user to inject PHP code.


WordPress.

It affects all versions starting with 2.7 (CVE-2023-28782). 3.0 and lower. Version 2.7 has a fix for it. On April 11, 2023, version 4 became accessible.

This sounds like an interesting and obliging development on very basic software. I guess it will be better to do a security check on every open-source program, and mainly it's essential for closed source as well. WordPress is mostly known to run out of updates when it comes to user maintenance.
