Description

WordPress plugin Jetpack version 2.9.3 contains a critical security update, and you should update your site as soon as possible. During an internal security audit, the Jetpack team found a bug that allows an attacker to bypass a site's access controls and publish posts. This vulnerability could be combined with other attacks to escalate access. This bug has existed since Jetpack 1.9, released in October 2012.

All Jetpack versions from 1.9 until 2.9.2 (inclusive) are vulnerable.

Remediation

Upgrade to the latest version of Jetpack.

References

Related Vulnerabilities