To Protect and Secure

An important security update has been released for the Jetpack plugin.

You can protect yourself by upgrading to the latest version of Jetpack 4.0.3, under Dashboard → Updates in your WordPress dashboard.

With our release of version 1.8.3 of the VaultPress plugin, we have implemented a fix for this threat in order to protect any VaultPress customers that are running an outdated version of Jetpack. We automatically upgraded as many sites as we could to this new version of VaultPress. 

The security update fixed a vulnerability that allowed an attacker to exploit the way that some Jetpack shortcodes are processed. This bug has existed since Jetpack 2.0, released in November 2012. Thank you to Marc-Alexandre Montpas from Sucuri for his research and responsible disclosure of this issue. According to the Jetpack team, there is no evidence of this threat being used out in the wild. With this announcement though, exploits will begin to occur and it’s crucial updates are taken care of!

To make sure you are protected, please review these resources:

Jetpack 4.0.3 Security Update – FAQs
How to install the Jetpack 4.0.3 Security Update

As always, if you have any questions or concerns, drop us a line!

An important security update was released today for WordPress. Version 4.5.2 fixes several vulnerabilities that could allow users to compromise your site. WordPress versions 4.5.1  and earlier are vulnerable, and should be updated to the latest version of WordPress as soon as possible.

We encourage everyone to head over to Dashboard → Updates in their WordPress dashboard, and click “Update Now”. Once you’re running WordPress 4.5.2, you’re protected from these vulnerabilities.

We also recommend that you take this moment to ensure you’re running the latest and greatest version of VaultPress. You can do so by heading back to Dashboard → Updates in your WordPress dashboard. If an older version of VaultPress is listed on this page, you’ll have the opportunity to upgrade to the latest version with a single click. You can also find our plugin in the Plugin Directory.

By running the latest versions of WordPress, VaultPress, and all your themes and plugins, you help to ensure that your site remains safe, secure, and speedy! As always, if you have any questions, drop us a line.

A couple of important security and maintenance updates have been released for the Jetpack plugin.

You can protect yourself by upgrading to the latest version of Jetpack 3.7.2, under Dashboard → Updates in your WordPress dashboard.

The security updates fixed a vulnerability, reported by Sucuri, that allowed an attacker to exploit the contact form present in Jetpack through a specially crafted malicious email address. A vulnerability was also reported by Jaime Delgado Horna of Listae that showed that Jetpack version 3.7.0 is vulnerable to an information disclosure vulnerability in certain hosting configurations.

Both of these threats have been addressed in the recent update.

We have attempted to automatically upgrade any VaultPress customers that are running an outdated version of Jetpack. You can verify that you’re running the latest version of Jetpack 3.7.2, on the Plugins page in your WordPress dashboard.

As always, if you have any questions, drop us a line!