We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Critical Jetpack Plugin Vulnerability Patched on 5M Websites

Critical Jetpack Plugin Vulnerability Patched on 5M Websites
Author Image Husain Parvez
Husain Parvez Published on 1st June 2023 Cybersecurity Researcher

Automattic, the company responsible for the open-source WordPress content management system, has initiated the mandatory installation of a security patch on numerous websites. This action aims to rectify a critical vulnerability found in the Jetpack plugin, which could potentially give a threat actor the ability to manipulate any file on a WordPress installation.

The vulnerability in question has been affecting all versions of the Jetpack WordPress plugin since Jetpack 2.0, which was released in 2012. Jetpack is a widely-used plugin that offers a suite of security features, including malware scanning, real-time backups, spam protection, and defense against brute-force attacks.

With over five million active installations, it ranks among the most popular plugins for WordPress. The security update, introduced on Tuesday, aims to address the found vulnerability and ensure the continued protection of Jetpack users.

According to Automattic, the vulnerability was discovered within the Jetpack plugin's API during an internal security audit. This vulnerability can enable site authors to “manipulate any files in the WordPress installation.”

The patch, Jetpack 12.1.1, is currently being automatically rolled out to all WordPress websites utilizing the Jetpack plugin. This patch, which began its deployment yesterday, has already been successfully installed on close to 5 million sites, meaning almost all affected sites have been patched.

Automattic has stated that there is no evidence of the vulnerability being exploited in malicious attacks. Nonetheless, it is crucial to acknowledge that vulnerabilities in popular WordPress plugins often attract the attention of cybercriminals due to the potential for significant damage if successfully exploited.

To mitigate the risk, site owners are strongly advised to update their Jetpack installations to the latest version. Automattic has made available a comprehensive list of the 102 plugin versions released this week for reference.

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.