Jetpack fixes 8-year-old flaw affecting millions of WordPress sites - The Register
Jetpack, a popular plugin used by millions of WordPress websites, has finally fixed an 8-year-old flaw that left its users vulnerable to attacks. The critical security issue was discovered in the plugin’s code and could have allowed attackers to gain unauthorized access to sensitive information on affected sites.
The vulnerability was identified in Jetpack’s XML-RPC module, which allows remote management of WordPress websites. The flaw allowed attackers to execute arbitrary code on the server, potentially leading to a full compromise of the website.
The security issue was discovered by security researchers at the end of 2022, and Jetpack developers were informed immediately. The company took swift action and released a patched version of the plugin, Jetpack 13.9.1, which includes a fix for the vulnerability.
According to reports, over 27 million websites are using Jetpack, making this security flaw a significant concern for many website owners. The plugin is widely used due to its ease of use and ability to provide added functionality to WordPress sites, such as security features, performance enhancements, and SEO tools.
The vulnerability was caused by a lack of proper input validation in the XML-RPC module, which allowed attackers to send malicious requests to the server. The Jetpack development team has now implemented proper input validation to prevent similar issues from occurring in the future.
Jetpack users are advised to update their plugin to version 13.9.1 as soon as possible to ensure their websites are protected against potential attacks. The update is available for download on the Jetpack website, and users can install it manually or use the automatic update feature within WordPress.
In a statement, a spokesperson for Automattic, the company behind Jetpack, said: “We take security very seriously, and we appreciate the efforts of security researchers who brought this issue to our attention. We have taken immediate action to address the vulnerability and protect our users. We encourage all Jetpack users to update their plugin as soon as possible to ensure their websites are secure.”
The discovery of this vulnerability highlights the importance of regular security audits and updates for WordPress plugins and themes. It also underscores the need for website owners to stay informed about potential security issues and take prompt action when necessary.
In conclusion, Jetpack’s prompt fix for this critical security flaw is a positive step towards ensuring the safety and security of millions of WordPress websites. The incident serves as a reminder for website owners to remain vigilant and proactive in protecting their online assets.