Jetpack Vulnerability and Automatic Update
Jetpack, one of the more popular WordPress plugins, announced a critical security update a few days ago. This flaw could allow an malicious user to create arbitrary posts on a site, and combined with other bugs may allow an attacker to take complete control of the site.
Although the Jetpack team did not report seeing any exploits of this flaw in the wild, now that it has been announced it is only a matter of time before attempts against it begin.
Lightning Base Auto-Updates
In general, we attempt to let users manage their sites as they wish – you can control whether to receive automatic updates or to run updates at your convenience. But there are some security issues that are both serious and widespread enough that we decide to push updates to all sites proactively regardless of the website settings (a prior flaw involving caching plugins is one example).
What You’ll See
Any WP installations that have been created by or imported into our management system had their Jetpack plugin automatically updated. You might receive one of three emails:
– A notice that your site upgrade failed because the install could not be located. If you manually deleted or moved an installation, it is possible that our management tool still believes it exists even though it does not. This will generate a failure notice. It can be ignored, or you can delete the installations using the site’s icon in your cPanel. Please respond to the email notice if you need any help doing this.
– A notice that your site upgrade failed for another reason. For instance, if your account is out of space the upgrade may fail. We would highly recommend looking into why this occurred and updating your Jetpack manually. Again, you can respond to the email if you need assistance.
– A notice that your WordPress was updated (plugin update). This means your site is now protected from the exploit.
If you have any questions/concerns regarding the update, please login to https://secure.lightningbase.com and open a ticket – we will be happy to help.