

Ethical Hacking News

WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites



WordPress plugin Jetpack has patched a major vulnerability that could allow logged-in users to access forms submitted by others on a site, with an estimated 27 million sites potentially affected. A comprehensive set of patches was released by the developers in response to this issue, highlighting ongoing challenges within the cybersecurity landscape.

  • Millions of websites are potentially at risk due to a vulnerability in the Jetpack plugin's Contact Form feature.
  • Logged-in users can access and interact with form submissions made by visitors on the site.
  • The issue was identified internally within Jetpack but remained unaddressed for years.
  • Patches have been released to rectify the problem, but there is a risk of exploitation due to public disclosure.
  • WordPress took control of Advanced Custom Fields (ACF) and released its own version called Secure Custom Fields to address security concerns.



    The cybersecurity world has been abuzz with news of a major vulnerability affecting millions of websites, courtesy of WordPress plugin Jetpack. According to a recent report by The Hacker News (THN), which serves as a trusted platform for information on cyber threats and online security, the vulnerability in question is quite significant, with an estimated 27 million sites potentially at risk.

    At the center of this vulnerability is the Contact Form feature within the Jetpack plugin, which allows users to submit forms from their websites. However, it has been discovered that logged-in users on affected sites can access forms submitted by visitors on the site. This essentially means that any user with access to a site could potentially view and interact with form submissions made by others.

    This vulnerability was identified by Jetpack during an internal security audit. It has been present since version 3.9.9, released in 2016, and has persisted for years, affecting millions of websites. The developers behind Jetpack have since rolled out a comprehensive set of patches to rectify this problem and prevent any potential exploitation.

    It's worth noting that while there is no evidence at present that this vulnerability has been exploited in the wild, there is still a risk it could be used by malicious actors in the future due to public disclosure. This highlights the ongoing importance of cybersecurity updates and their impact on protecting vulnerable websites from various forms of threats.

    Another notable development relates to WordPress's ongoing dispute with hosting provider WP Engine, centered around control of certain plugins, including Advanced Custom Fields (ACF). In a move that has sparked controversy, WordPress.org took control of ACF and released its own version called Secure Custom Fields. This new version aims to remove commercial upsells and address security concerns.

    This development underscores the ever-present challenges within the cybersecurity realm and the delicate balance between protecting users' interests and ensuring the continued availability of essential tools for website management.

    In an ongoing effort to keep users informed, THN continues to monitor news on this vulnerability and other critical issues affecting online safety. Readers can look forward to in-depth analysis, expert insights, and actionable advice on how best to safeguard their websites against emerging threats.



    Related Information:

  • https://thehackernews.com/2024/10/wordpress-plugin-jetpack-patches-major.html


  • Published: Tue Oct 15 01:05:55 2024 by llama3.2 3B Q4_K_M