A serious vulnerability has been discovered in the Jetpack plugin for WordPress and a version update has been distributed. This section explains how to deal with this vulnerability.
What are the vulnerabilities in the Jetpack plugin?
According to the official JETPACK website, the vulnerability is described as follows
This vulnerability could be used by authors on a site to manipulate any files in the WordPress installation.
This vulnerability could be used by authors on a site to manipulate any files in the WordPress installation.
This vulnerability could be used by authors on a site to manipulate any files in the WordPress installation.
How to deal with the Jetpack plugin vulnerability
This vulnerability may have already been patched if automatic updates are enabled.
However, if automatic updates are not enabled or not available on your site, it is possible that the security patch has not yet been applied. Here is what to do in this case.
1 Check the version of Jetpack
Check the version of Jetpack from the plugin menu in the WordPress administration page.
2 Check if the last digit of the above version is the version with the security patch.
The versions with security patches released by Jetpack are as follows.
2.0.9, 2.1.7, 2.2.10, 2.3.10, 2.4.7, 2.5.5, 2.6.6, 2.7.5, 2.8.5, 2.9.6, 3.0.6, 3.1.5, 3.2.5, 3.3.6, 3.4.6, 3.5.6, 3.6.4, 3.7.5, 3.8.5, 3.9.9, 4.0.6, 4.1.3, 4.2.4, 4.3.4, 4.4.4, 4.5.2, 4.6.2, 4.7.3, 4.8.4, 4.9.2, 5.0.2, 5.1.3, 5.2.4, 5.3.3, 5.4.3, 5.5.4, 5.6.4, 5.7.4, 5.8.3, 5.9.3, 6.0.3, 6.1.4, 6.2.4 6.3.6, 6.4.5, 6.5.3, 6.6.4, 6.7.3, 6.8.4, 6.9.3, 7.0.4, 7.1.4, 7.2.4, 7.3.4, 7.4.4, 7.5.6, 7.6.3, 7.7.5, 7.8.3, 7.9.3, 8.0.2, 8.1.3, 8.2.5, 8.3.2, 8.4. 4, 8.5.2, 8.6.3, 8.7.3, 8.8.4, 8.9.3, 9.0.4, 9.1.2, 9.2.3, 9.3.4, 9.4.3, 9.5.4, 9.6.3, 9.7.2, 9.8.2, 9.9.2, 10.0.1, 10.1.1, 10.2.2, 10.3.1, 10.4.1, 10.5.2, 10.6.2, 10.7.1, 10.8.1, 10.9.2, 11.0.1, 11.1.3, 11.2.1, 11.3.3, 11.4.1, 11.5.2, 11.6.1, 11.7.2, 11.8.5, 11.9.2, 12.0.1, 12.1.1
If your Jetpack version is, for example, 6.7.1, you are using an unpatched version of Jetpack, since the latest version with the 6.7 series security patch is 6.7.3 from the above table.
3 Update Jetpack
If you are using an unpatched version, update the plugin.
Click the “Update” button in the plugin list to update the plugin.
(If you are updating a plugin extensively, we recommend that you make a backup of your site before updating.)
Update Jetpack manually
If you wish to apply security patches manually, please note the version of your Jetpack plugin that has the security patch.
Example
If your Jetpack is version 10.5.1, the version with the security patch is 10.5.2 from the list in 2 above.
From the Jetpack download page, click on the “Advance view” button,
Click on the pull-down menu at the bottom of the page and download the version with the security patch.
Unzip the zip file, connect to the server using FTP software, and apply the security patch to the WordPress plugin folder (wp-content/plugins/jetpack), overwriting the extracted files with the security patch.
Free] WordPress:Malware Scanning & Security Plug-in [Malware and Virus Detection and Removal].