Automattic likes to tell us that it’s product WordPress is the world’s most popular website platform so it is dissapoibnting that a vulnerability has existed in it’s own popular plugin Jetpack since 2016.
Jetpack fixes critical information disclosure flaw existing since 2016 (bleepingcomputer.com)
How popular is Jetpack? As it offers a range of extra functionality for the standard WordPress install, it is very popular with over 27 million installs. As it is offered by Automattic it ticks all the boxes when looking for a trusted plugin with good support. I have had no hestiation in passing Automattic’s Jetpack when I have been carrying out IT and Cyber Security Audits. I am now notifying those clients of this issues.
Jetpack has issued an automatic update for the issue.
Your reputation
Your website is your reputation – read this article to find out if you have enough control of that website to protect your reputation:
How much are you relying on your web designer to protect your reputation?
The Wednesday Bit
WordPress gets a mention in this week’s Wednesday Bit.
A Real-World Example – BYOD A Primer (pt.3)
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
Here is Jetpack’s statement:
Jetpack 13.9.1: Critical Security Update
