The developers of the popular Jetpack plugin for WordPress, installed over 5,000,000 times, urged users to update as soon as possible with the patches released this week. The fact is that the plug-in code had a critical vulnerability for more than two years, which was eliminated only now.
Jetpack is a security solution designed to protect websites from hacking, unauthorized entry, and so on. Moreover, basic protection is provided free of charge, and additional features are available for a fee.
The discovered vulnerability appeared in the code with the release of Jetpack 5.1, that is, in July 2017. Although there are few technical details about the problem yet, it is known that it was related to the way Jetpack handled inline code. It is emphasized that the bug was not used by hackers, but all versions of the plugin were vulnerable to it, starting with the mentioned Jetpack 5.1.
The developers have prepared fixes for every version of Jetpack since 5.1. That is, you can install not only the latest Jetpack 7.9.1, but also fix the bug in versions 5.1.1, 5.2.2, 5.3.1, 5.4.1, 5.5.2, 5.6.2, 5.7.2, 5.8.1, 5.9 .1, 6.0.1, 6.1.2, 6.2. 2, 6.3.4, 6.4.3, 6.5.1, 6.6.2, 6.7.1, 6.8.2, 6.9.1, 7.0.2, 7.1.2, 7.2.2, 7.3.2, 7.4.2, 7.5.4, 7.6.1, 7.7.3, 7.8.1.
According to official statistics, more than four out of five million installations have already been upgraded to secure versions to date .