Developers of the popular Jetpack plugin for WordPress, installed more than 5,000,000 times, called on users Update as soon as possible by installing patches released this week. The fact is that there has been a critical vulnerability in the plugin code for more than two years, which was fixed only now.
Jetpack is a security solution designed to protect sites from hacking, unauthorized entry and so on. Moreover, basic protection is provided free of charge, and additional features are already available for a fee.
The discovered vulnerability appeared in the code since the release of Jetpack 5.1, that is, in July 2017. Although there are practically no technical details about the problem, it is known that it was related to how Jetpack handled the embedded code. It is emphasized that the bug was not used by hackers, but all versions of the plugin were vulnerable to it, starting with the mentioned Jetpack 5.1.
Developers have prepared fixes for each version of Jetpack, starting with 5.1. That is, you can install not only the latest Jetpack 7.9.1, but also fix the bug versions 5.1.1, 5.2.2, 5.3.1, 5.4.1, 5.5.2, 5.6.2, 5.7.2, 5.8.1, 5.9 .1, 6.0.1, 6.1.2, 6.2. 2, 6.3.4, 6.4.3, 6.5.1, 6.6.2, 6.7.1, 6.8.2, 6.9.1, 7.0.2, 7.1.2, 7.2.2, 7.3.2, 7.4.2, 7.5.4, 7.6.1, 7.7.3, 7.8.1.
According to official statistics, more than four out of five million installations have so far been upgraded to safe versions.