October 3, 2023

Developers of Jetpack WordPress plugin has recently alerted its user base to a critical security vulnerability, CVE-2023-2996. Jetpack, a one-stop solution to bolster the security, performance, and website management of WordPress sites, enjoys a user base exceeding five million active installations.

The vulnerability affects Jetpack versions before 12.1.1, with the root cause linked to an unvalidated file upload mechanism that allows a complete takeover.

In response to this alarming revelation, “Automattic”, the developers of the plugin promptly rolled out a security patch, Jetpack 12.1.1. This patch is currently being automatically applied to all WordPress websites using the plugin, a measure designed to shield websites from potential exploitation.

Advertisements

Considering the serious potential implications, all Jetpack users are strongly urged to update their version of Jetpack to 12.1.1 or later as soon as possible, to ensure the ongoing security of their WordPress sites. As a commitment to their users, Automattic has collaborated with the WordPress.org Security Team to release patched versions of every iteration of Jetpack since 2.0.

To ensure that users are given ample time to update, Automattic will publicly display the PoC on July 4, 2023. This strategy provides a buffer for users to update their Jetpack plugin and eliminate the CVE-2023-2996 vulnerability before details of its exploitation become widely known.

Tags:

Leave a Reply

You may have missed

Industrial Control Systems and Vulnerability Management Process

October 2, 2023

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – September, 2023

October 2, 2023

TheCyberThrone Security Week In Review – September 30, 2023

October 1, 2023

Mozilla fixes CVE-2023-5217 Vulnerability in its Products

September 30, 2023

CISA KEV Update Part III – September 2023

September 30, 2023
%d bloggers like this: