Jetpack 7.9.1 contains a critical security update. You should update all sites that you administer as soon as possible.
We found a vulnerability in the way Jetpack processed embed code that has existed since Jetpack 5.1, released in July 2017. Thank you to Adham Sadaqah for disclosing this issue to us in a responsible manner.
We have no evidence that this vulnerability has been exploited in the wild. However, now that the update has been released, it is only a matter of time before someone tries to take advantage of this vulnerability.
In addition to the security release, Jetpack 7.9.1 fixes a few other minor issues, including improved compatibility with Twenty Twenty, the new default theme for WordPress.
In addition to Jetpack 7.9.1, we worked with the WordPress.org Security Team to release patched versions of every version of Jetpack since 5.1. Most websites have been or will soon be automatically updated to a secured version. Versions released today include 5.1.1, 5.2.2, 5.3.1, 5.4.1, 5.5.2, 5.6.2, 5.7.2, 5.8.1, 5.9.1, 6.0.1, 6.1.2, 6.2.2, 6.3.4, 6.4.3, 6.5.1, 6.6.2, 6.7.1, 6.8.2, 6.9.1, 7.0.2, 7.1.2, 7.2.2, 7.3.2, 7.4.2, 7.5.4, 7.6.1, 7.7.3, 7.8.1, 7.9.1. If you are running any of these versions, your website is not vulnerable to this issue. But, if you’re not running the latest and greatest—7.9.1—your site is missing other security enhancements!
Explore the benefits of Jetpack plans
Compare plans in detail to see how Jetpack can help you design, market, and secure your WordPress site.Compare plans