Security Update for Jetpack

An important security update has been released for the Jetpack plugin.

You can protect yourself by upgrading to the latest version of Jetpack 4.0.3, under Dashboard → Updates in your WordPress dashboard.

With our release of version 1.8.3 of the VaultPress plugin, we have implemented a fix for this threat in order to protect any VaultPress customers that are running an outdated version of Jetpack. We automatically upgraded as many sites as we could to this new version of VaultPress. 

The security update fixed a vulnerability that allowed an attacker to exploit the way that some Jetpack shortcodes are processed. This bug has existed since Jetpack 2.0, released in November 2012. Thank you to Marc-Alexandre Montpas from Sucuri for his research and responsible disclosure of this issue. According to the Jetpack team, there is no evidence of this threat being used out in the wild. With this announcement though, exploits will begin to occur and it’s crucial updates are taken care of!

To make sure you are protected, please review these resources:

Jetpack 4.0.3 Security Update – FAQs
How to install the Jetpack 4.0.3 Security Update

As always, if you have any questions or concerns, drop us a line!

This entry was posted in General, Security. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s