"WordPress Rushes Out Jetpack Patch to Millions"

The software company behind the popular blogging platform WordPress is automatically updating over five million installations of its Jetpack plugin after a critical vulnerability was discovered in it.  Automattic, which also counts Jetpack as one of its subsidiaries, began the update recently to bring users up to date with the new version, 12.1.1.  The company stated that during an internal security audit, they found a vulnerability with the API available in Jetpack since version 2.0, released in 2012.  The company noted that this vulnerability could be used by authors on a site to manipulate any files in the WordPress installation.  The company stated that they have no evidence the vulnerability has been exploited in the wild.  The company noted that now that the update has been released, it is possible that someone will try to take advantage of this vulnerability.  The company stated that it worked closely with WordPress's Security Team to release patched versions of every version of Jetpack since 2.0.  Most websites have been or will soon be automatically updated to a secured version. Jetpack is designed to offer users a range of security features, including automated backups and one-click restores, a web application firewall, malware scans, and brute-force attack protection. 

Infosecurity reports: "WordPress Rushes Out Jetpack Patch to Millions"