{"id":57447,"date":"2024-10-18T22:30:07","date_gmt":"2024-10-18T22:30:07","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\/"},"modified":"2024-10-18T22:30:07","modified_gmt":"2024-10-18T22:30:07","slug":"jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\/","title":{"rendered":"Jetpack fixes 8-year-old flaw affecting millions of WordPress sites"},"content":{"rendered":"<p><span class=\"label\">in brief<\/span> A critical security update for the near-ubiquitous WordPress plugin Jetpack was released last week. Site administrators should ensure the latest version is installed to keep their sites secure.&nbsp;<\/p>\n<p>Jetpack is a WordPress plugin developed by Automattic, offering features like antispam filtering, site analytics, and more. It <a href=\"https:\/\/jetpack.com\/blog\/jetpack-13-9-1-critical-security-update\/\" rel=\"nofollow\">released<\/a> security patches for 101 different versions going all the way back to 2016&#8217;s version 3.9.9, which introduced a flaw that&#8217;s been present in the product ever since.&nbsp;<\/p>\n<p>&#8220;During an internal security audit, we found a vulnerability with the Contact Form feature in Jetpack,&#8221; the team said. &#8220;This vulnerability could be used by any logged in users on a site to read forms submitted by visitors on the site.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxM_xAn8plj-P2tq6vLOEQAAAIM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxM_xAn8plj-P2tq6vLOEQAAAIM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>In other words, it has a lot of potential to do damage &#8211; in a very particular circumstance.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZxM_xAn8plj-P2tq6vLOEQAAAIM&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZxM_xAn8plj-P2tq6vLOEQAAAIM&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZxM_xAn8plj-P2tq6vLOEQAAAIM&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZxM_xAn8plj-P2tq6vLOEQAAAIM&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>Jetpack claims there is no evidence that the vulnerability has ever been exploited in the wild, but it predicts that won&#8217;t last now that it&#8217;s told the world about the matter.&nbsp;<\/p>\n<p>&#8220;Now that the update has been released, it is possible that someone will try to take advantage of this vulnerability,&#8221; Jetpack noted. The post didn&#8217;t include a CVE in its update noted, and it&#8217;s not clear if one has been assigned since then. We&#8217;ve reached out to the Jetpack team for comment, but they haven&#8217;t responded.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZxM_xAn8plj-P2tq6vLOEQAAAIM&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZxM_xAn8plj-P2tq6vLOEQAAAIM&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>As others have pointed out, Jetpack has long been a standard part of any new WordPress site, which means it&#8217;s present in a lot of places &#8211; approximately <a href=\"https:\/\/www.scworld.com\/news\/jetpack-patches-critical-bug-that-exposed-data-on-27m-wordpress-sites\" rel=\"nofollow\">27 million sites<\/a> by one estimate. It said the updated version should have been automatically installed on all affected websites, so WordPress administrators don&#8217;t necessarily need to panic.&nbsp;<\/p>\n<p>That said, it&#8217;s still a good idea to double-check your Jetpack version to be sure you&#8217;re not still on an old one.&nbsp;<\/p>\n<div class=\"boxout\" readability=\"19.384116693679\">\n<h3 class=\"crosshead\">Critical vulnerabilities of the week<\/h3>\n<p>Only one major issue to report this week that wasn&#8217;t covered elsewhere, but it&#8217;s a doozy for anyone using Veeam backup and replication software.&nbsp;<\/p>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-40711\" rel=\"nofollow\">CVE-2024-40711<\/a>, with a CVSS score of 9.8, is a deserialization of untrusted data vulnerability that can allow an unauthenticated remote attacker to execute code. It&#8217;s present in Veeam Backup &amp; Replication software version 12.1.2.172 and earlier, so get those updates installed asap.&nbsp;<\/p>\n<p>Veeam also patched <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-40711\" rel=\"nofollow\">other<\/a> vulnerabilities this week, including a pair of CVSS 8.8 issues that allow MFA bypass and data exfiltration. Get patching.&nbsp;<\/p>\n<\/div>\n<h3 class=\"crosshead\">New EU cyber incident reporting rules go into effect<\/h3>\n<p>The EU has <a href=\"https:\/\/ec.europa.eu\/commission\/presscorner\/detail\/en\/ip_24_5342\" rel=\"nofollow\">officially<\/a> adopted the first rules implementing the NIS2 cybersecurity rule, so companies in critical infrastructure sectors ought to prepare for stricter incident reporting rules as their home countries implement their own local regulations.&nbsp;<\/p>\n<p><a href=\"https:\/\/ec.europa.eu\/commission\/presscorner\/detail\/en\/ip_24_5342\" rel=\"nofollow\">NIS2<\/a>, which modified prior cybersecurity rules and went into force in 2023, places several new requirements on critical sector firms, including giving them 24 hours to report a cyber incident and 72 hours to disclose information loss. Companies that don&#8217;t comply will be fined up to \u20ac10 million or 2 percent of their global turnover.&nbsp;<\/p>\n<p>The new rule covers companies in the sectors one would normally consider critical infrastructure, and like similar bills in the US, strives to make companies improve their reporting to consolidate threat intelligence.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZxM_xAn8plj-P2tq6vLOEQAAAIM&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZxM_xAn8plj-P2tq6vLOEQAAAIM&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;In today&#8217;s cybersecurity landscape, stepping up our capabilities, security requirements and rapid information sharing with up-to-date rules is of paramount importance,&#8221; said EU antitrust chief Margrethe Vestager. &#8220;I urge the remaining Member States to implement these rules at national level as fast as possible.&#8221;&nbsp;<\/p>\n<h3 class=\"crosshead\">Be heard: Weigh in on CISA&#8217;s list of bad product security practices<\/h3>\n<p>CISA and the FBI have put together a <a href=\"https:\/\/www.cisa.gov\/resources-tools\/resources\/product-security-bad-practices\" rel=\"nofollow\">document<\/a> outlining bad product security practices, and it wants the public to weigh in on whether anything else is needed.&nbsp;<\/p>\n<p>The document is designed for &#8220;software manufacturers who develop software products \u2026 used in support of critical infrastructure,&#8221; but its recommendations apply equally as much to other firms, too. In it, CISA and the FBI break down three categories of bad practices &#8211; product properties, security features, and organizational processes and policies &#8211; that it said affect secure development, and discuss a number of common problems that fall into them.<\/p>\n<p>There&#8217;s plenty to comment on, perhaps most critically the fact that CISA notes it is &#8220;non-binding&#8221; and imposes &#8220;no requirement&#8221; on companies to adopt better secure software development practices.&nbsp;<\/p>\n<p>If you have an opinion on that, or anything else in the CISA\/FBI doc, you can <a href=\"https:\/\/www.federalregister.gov\/documents\/2024\/10\/16\/2024-23869\/request-for-comment-on-product-security-bad-practices-guidance\" rel=\"nofollow\">speak your mind<\/a> until December 2, 2024.&nbsp;<\/p>\n<h3 class=\"crosshead\">Some good news: Free cybersecurity service for UK schools<\/h3>\n<p>Following the successful trial of a protective DNS service for schools, the UK National Cyber Security Centre is extending the program to other educational institutions.&nbsp;<\/p>\n<p>Multi-academy trusts, academies, independent schools and school internet service providers are all being encouraged to sign up for the service, which offers schools DNS filtering from Cloudflare and Accenture to limit access to domains known to host malware and other nasties.&nbsp;<\/p>\n<p>Even better, it&#8217;s free.&nbsp;<\/p>\n<p>&#8220;We have worked closely with the [NCSC] on this service to ensure all schools can now benefit from enhanced cyber resilience at no cost to them and I encourage settings to take advantage of this enhanced protection,&#8221; UK minister for early education Stephen Morgan said of the news.&nbsp;<\/p>\n<p>Interested institutions can <a href=\"https:\/\/www.signin.service.ncsc.gov.uk\/auth\/realms\/ukncsc\/protocol\/openid-connect\/auth?client_id=uui-prod&amp;redirect_uri=https%3A%2F%2Fmy.ncsc.gov.uk%2Foauth2%2Fidpresponse&amp;response_type=code&amp;scope=openid&amp;state=9DU8sI8fJkMswh5Qs1XwVsTwdkBJsfT3SubeDg37SmrcGQfjTBZJ5GK%2FtYrwIoocK4zbjpVXkpL%2BeXYojixWD3yWeuSw6ev3JZzJe9HZiD38%2FmZGJrDMZPyL1Jk4fa9NXOxN%2BOfaXMZ7sA1wQW%2FKQctKuSyKMhaTupvmuZNHjrPuFMUL4AoM4TTgBdpdtGbFkPrjGXJak6oV7gEzu55JiXO9RuE713e0CZ8yYknMSTklcKQzvsiqTlmD9iOZhDClJciojpEkgPOPYXM%2B\" rel=\"nofollow\">sign up<\/a> through the NCSC.<\/p>\n<h3 class=\"crosshead\">Cybercriminals are moving faster than ever<\/h3>\n<p>In the olden days of five years ago, it used to take months for threat actors and cybercriminals to start taking advantage of a newly-discovered exploit, but that window has shrunk to several days.&nbsp;<\/p>\n<p>Google&#8217;s Mandiant threat hunters released a <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/time-to-exploit-trends-2023\" rel=\"nofollow\">report<\/a> of 2023 time-to-exploit trends and found that, from 2022 to 2023 the average observed time to exploit (TTE) shrunk from 32 days to just five, meaning threat actors are moving incredibly quickly nowadays. That drop wasn&#8217;t gradual, either: from 2018 to 2019 Mandiant said it was around 63 days, which dropped to 44 in 2021, before lowering to 32 in 2022.&nbsp;<\/p>\n<p>That suggests a shift to exploiting new, relatively unknown vulnerabilities, which is borne out by another statistic from the same report: the team said it observed ratio of n-days to zero-days has changed to 30:70. Last year, it was a ratio of 38 to 62.&nbsp;<\/p>\n<p>&#8220;The shifting ratio appears to be influenced more from the recent increase in zero-day usage and detection rather than a drop in n-day usage,&#8221; Mandiant said.&nbsp;<\/p>\n<p>In other words, don&#8217;t sleep on those zero-day patches.&nbsp;\u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2024\/10\/18\/jetpack_patches_wordpress_vulnerability\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Also, new EU cyber reporting rules are live, exploiters hit the gas pedal, free PDNS for UK schools, and more in brief\u00a0 A critical security update for the near-ubiquitous WordPress plugin Jetpack was released last week. Site administrators should ensure the latest version is installed to keep their sites secure.\u00a0\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-57447","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Jetpack fixes 8-year-old flaw affecting millions of WordPress sites 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Jetpack fixes 8-year-old flaw affecting millions of WordPress sites 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-10-18T22:30:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxM_xAn8plj-P2tq6vLOEQAAAIM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Jetpack fixes 8-year-old flaw affecting millions of WordPress sites\",\"datePublished\":\"2024-10-18T22:30:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\\\/\"},\"wordCount\":1089,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxM_xAn8plj-P2tq6vLOEQAAAIM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\\\/\",\"name\":\"Jetpack fixes 8-year-old flaw affecting millions of WordPress sites 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxM_xAn8plj-P2tq6vLOEQAAAIM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2024-10-18T22:30:07+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxM_xAn8plj-P2tq6vLOEQAAAIM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxM_xAn8plj-P2tq6vLOEQAAAIM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Jetpack fixes 8-year-old flaw affecting millions of WordPress sites\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Jetpack fixes 8-year-old flaw affecting millions of WordPress sites 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\/","og_locale":"en_US","og_type":"article","og_title":"Jetpack fixes 8-year-old flaw affecting millions of WordPress sites 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-10-18T22:30:07+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxM_xAn8plj-P2tq6vLOEQAAAIM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Jetpack fixes 8-year-old flaw affecting millions of WordPress sites","datePublished":"2024-10-18T22:30:07+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\/"},"wordCount":1089,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxM_xAn8plj-P2tq6vLOEQAAAIM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\/","url":"https:\/\/www.threatshub.org\/blog\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\/","name":"Jetpack fixes 8-year-old flaw affecting millions of WordPress sites 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxM_xAn8plj-P2tq6vLOEQAAAIM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2024-10-18T22:30:07+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxM_xAn8plj-P2tq6vLOEQAAAIM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxM_xAn8plj-P2tq6vLOEQAAAIM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/jetpack-fixes-8-year-old-flaw-affecting-millions-of-wordpress-sites\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Jetpack fixes 8-year-old flaw affecting millions of WordPress sites"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57447","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=57447"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57447\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=57447"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=57447"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=57447"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}