Jetpack Vulnerability and Automatic Update

Sunday, April 13th, 2014 / Posted In :Security /  By : / Comments Off on Jetpack Vulnerability and Automatic Update

Jetpack, one of the more popular WordPress plugins, announced a critical security update  a few days ago. This flaw could allow an malicious user to create arbitrary posts on a site, and combined with other bugs may allow an attacker to take complete control of the site.

Although the Jetpack team did not report seeing any exploits of this flaw in the wild, now that it has been announced it is only a matter of time before attempts against it begin.

Lightning Base Auto-Updates

In general, we attempt to let users manage their sites as they wish – you can control whether to receive automatic updates or to run updates at your convenience. But there are some security issues that are both serious and widespread enough that we decide to push updates to all sites proactively regardless of the website settings (a prior flaw involving caching plugins is one example).

What You’ll See

Any WP installations that have been created by or imported into our management system had their Jetpack plugin automatically updated. You might receive one of three emails:

– A notice that your site upgrade failed because the install could not be located. If you manually deleted or moved an installation, it is possible that our management tool still believes it exists even though it does not. This will generate a failure notice. It can be ignored, or you can delete the installations using the site’s icon in your cPanel. Please respond to the email notice if you need any help doing this.

– A notice that your site upgrade failed for another reason. For instance, if your account is out of space the upgrade may fail. We would highly recommend looking into why this occurred and updating your Jetpack manually. Again, you can respond to the email if you need assistance.

– A notice that your WordPress was updated (plugin update). This means your site is now protected from the exploit.

If you have any questions/concerns regarding the update, please login to https://secure.lightningbase.com and open a ticket – we will be happy to help.



Author :

Chris is the founder of Lightning Base. You'll find him all over around here - writing on this blog, providing customer service, and handling whatever else needs to be done. You can reach him easily by filling out our contact form and addressing your message to Chris.

© 2015 Lightning Base LLC. All rights reserved. | Privacy Policy | Terms of Use