Forced update: WordPress websites can be manipulated via Jetpack vulnerability

The developers of the WordPress plugin Jetpack are warning of a "critical" security vulnerability. After a successful attack, attackers could manipulate any files in WordPress installations. Patched versions are currently being installed automatically on affected websites.

Jetpack is a widely used plug-in and, according to the review website, has 5 million active installs. With the tool, site operators can configure performance and security settings, among other things. It can be used, for example, to set up backups or to protect websites from brute-force attacks, in which attackers try password lists against websites to gain access. The plug-in also monitors pages and provides statistics.

In a post, the developers explain that they have not observed any attacks so far. Because of the danger the vulnerability poses, however, they recommend updating quickly. A CVE number has apparently not yet been assigned. In the post, they also list the 102 safe versions. The current release is 12.1.1. All previous versions are said to be vulnerable.

Exactly how attacks could proceed is currently not known. Due to the severity of the vulnerability, those responsible for WordPress have decided to install the security updates automatically. According to the installation statistics, this has already happened on over 4.3 million websites in the past few days, which are thus protected against attacks. Admins should ensure that one of the secured versions of Jetpack is installed on their WordPress site.


(of)
