Jetpack, a WordPress plugin, has released version 13.9.1, which contains a critical security update.
The release addresses a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site.
According to Jetpack, the flaw in the Contact Form feature was detected during an internal security audit. The issue is said to have been present in all Jetpack versions since 3.9.9, which was released in 2016.
Jetpack claims no exploitation of vulnerability
The Jetpack team further claimed that it has no evidence that the vulnerability was exploited by malicious actors.
However, it advised all users to update their version of Jetpack as soon as possible to ensure the security of their site, as someone may try to take advantage of this vulnerability now.
“To help you in this process, we have worked closely with the WordPress.org Security Team to release patched versions of every version of Jetpack since 3.9.9. Most websites have been or will soon be automatically updated to a secured version,” Jetpack said in a blog post.
“We apologise for any extra workload this may put on your shoulders today. We will continue to regularly audit all aspects of our codebase to ensure that your Jetpack site remains safe,” it added.
In August 2024, cybersecurity firm Wordfence Threat Intelligence identified a severe security flaw in the LiteSpeed Cache WordPress plugin that exposed more than five million websites to potential takeovers.
The discovery led Wordfence to issue an updated firewall rule.