Critical WordPress Jetpack patch force-installed on 5 million sites - Patch your self-hosted Jetpack
Take action: If you are using Jetpack on WordPress, you are either patched by automation or are severely exposed - it's only a matter of time before you get hacked. Check your Jetpack plug-in and patch immediately.
Automattic, the company behind WordPress, has initiated a force installation of a security patch on millions of websites to address a critical vulnerability in the popular Jetpack WordPress plug-in.
Jetpack, maintained by Automattic, offers various improvements for website management and security, including site backups, brute-force attack protection, secure logins, malware scanning, and more. Most WordPress sites - whether hosted on a cloud provider or self-hosted - use it.
The vulnerability, discovered during an internal security audit, allowed authors on a site to manipulate files within the WordPress installation. The vulnerability was found in an API available in Jetpack since version 2.0, released in 2012 - meaning all websites using Jetpack will be affected.
The security patch, Jetpack 12.1.1, is being automatically rolled out to all WordPress websites hosted by Automattic on WordPress.com that are using the plug-in, with the majority of vulnerable sites already updated.
While there is no evidence of exploitation, website administrators are advised to update their Jetpack version to prevent potential security breaches.
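For administrators running several self-hosted sites, one way to carry out the version check the article calls for is sketched below. This script is an added example, not code from Automattic or the Jetpack project. It assumes the default plugin path `wp-content/plugins/jetpack/jetpack.php` and treats 12.1.1, the only fixed version named here, as the minimum acceptable version.

```shell
#!/bin/sh
# Added example: flag self-hosted Jetpack copies older than the fixed release.
FIXED="12.1.1"   # the patched version named in the article

# Print the "Version:" value from a plugin header file (empty if none found).
jetpack_version() {
    sed -n 's|^[[:space:]/*#@]*Version:[[:space:]]*\([0-9][^[:space:]]*\).*|\1|p' "$1" |
        head -n 1
}

# Succeed when dotted version $1 is lower than $2 (numeric fields only;
# a suffix such as "-beta" is ignored).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Print STATUS<TAB>VERSION<TAB>PATH for every Jetpack copy under directory $1.
# Assumes the default plugin location wp-content/plugins/jetpack/jetpack.php.
audit_jetpack() {
    find "$1" -type f -path '*/wp-content/plugins/jetpack/jetpack.php' 2>/dev/null |
    while IFS= read -r f; do
        v=$(jetpack_version "$f")
        if [ -z "$v" ]; then status=UNKNOWN
        elif version_lt "$v" "$FIXED"; then status=UPDATE
        else status=OK
        fi
        printf '%s\t%s\t%s\n' "$status" "${v:--}" "$f"
    done
}

# Succeed when at least one copy is outdated or unreadable.
needs_update() {
    audit_jetpack "$1" | grep -Eq '^(UPDATE|UNKNOWN)'
}

# Usage: sh audit.sh /var/www   (the web root path is an example)
if [ "$#" -gt 0 ]; then audit_jetpack "$1"; fi
```

A copy reported as `UNKNOWN` has no readable version header and should be inspected by hand rather than assumed patched.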