WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites


The vulnerability resides in the Contact Form feature in Jetpack, and "could be used by any logged in users on a site to read forms submitted by visitors on the site, Jetpack said it's worked closely with the WordPress.org Security Team to automatically update the plugin to a safe version on installed sites. The shortcoming has been addressed in the following 101 different versions of Jetpack. Their code is currently insecure, and it is a dereliction of their duty to customers for them to tell people to avoid Secure Custom Fields until they fix their vulnerability

Read More


thumb-image

Solutions