How to Blog: Your Comprehensive Source for WordPress Themes, Plugins, Tips, Tricks, Reviews and News

Subscribe to our newsletter for the latest WordPress tips!

Serious Security Flaws Found in Jetpack – upgrade to 4.0.4 NOW

jetpack security flaw wordpress plugin

Wow – lots of serious security vulnerabilities discovered this week! In addition to Monday’s required WordPress core update, serious vulnerabilities have just been found in the widely used Jetpack plugin for WP.  You can get the details on the Jetpack security exploits that were discovered from the WordFence blog (which does a better job of explaining the security issues) and from the Jetpack site, which provides additional information about bug fixes.  The three serious WordPress security exploits found in Jetpack 4.0.3 that are now fixed in v4.0.4 are:

  • a vulnerability that allowed an attacker to perform unauthorized changes to the “post by email” settings
  • a cross site scripting (XSS) vulnerability in the Jetpack ‘Likes’ module
  • a vulnerability that made submitted feedback publicly available via the REST API

 

Click Here to Leave a Comment Below

Leave a Reply: