Serious security flaw in popular WordPress Jetpack plugin detected

Many bloggers who use WordPress also use the Jetpack plugin to add features and functionality to their websites. The plugin lets you easily add features such as site stats, email subscriptions, a grammar checker, social buttons, integration and sharing, a URL shortener and so on. The list is truly impressive.


However, just a few days back, a serious security flaw was detected in the Jetpack plugin that had the potential to allow any hacker to post or carry out any action on a blog without having to log in! This bug had existed since Jetpack 1.9, released in October 2012!

"This is a bad bug, and Jetpack is one of the most widely used plugins in the WordPress world. We have been working closely with the WordPress security team, which has pushed updates to every version of the plugin since 1.9 through core’s auto-update system. We have also coordinated with a number of hosts and network providers to install network-wide blocks to mitigate the impact of this vulnerability, but the only sure fix is updating the plugin," says Jetpack.

WordPress has already started rolling out an update to patch this vulnerability, and I suppose you may be seeing it in your WordPress dashboard already. It is recommended that you update your Jetpack plugin right away.

Anand Khanse is the Admin of, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP. He enjoys following and reporting Microsoft news and developments in the world of Personal Computing & Social Media.
