Security Update for Jetpack

A couple of important security and maintenance updates have been released for the Jetpack plugin.

You can protect yourself by upgrading to the latest version of Jetpack 3.7.2, under Dashboard → Updates in your WordPress dashboard.

The security updates fixed a vulnerability, reported by Sucuri, that allowed an attacker to exploit the contact form present in Jetpack through a specially crafted malicious email address. A vulnerability was also reported by Jaime Delgado Horna of Listae that showed that Jetpack version 3.7.0 is vulnerable to an information disclosure vulnerability in certain hosting configurations.

Both of these threats have been addressed in the recent update.

We have attempted to automatically upgrade any VaultPress customers that are running an outdated version of Jetpack. You can verify that you’re running the latest version of Jetpack 3.7.2, on the Plugins page in your WordPress dashboard.

As always, if you have any questions, drop us a line!

This entry was posted in General, Security. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s