Product news

Jetpack 12.1.1: Critical Security Update

Author avatar
Jeremy Herve

Earlier today, we released a new version of Jetpack, 12.1.1. This release contains a critical security update. While we have no evidence that this vulnerability has been exploited yet, please update your version of Jetpack as soon as possible to ensure the security of your site.

To help you in this process, we have worked closely with the WordPress.org Security Team to release patched versions of every version of Jetpack since 2.0. Most websites have been or will soon be automatically updated to a secured version.

During an internal security audit, we found a vulnerability with the API available in Jetpack since version 2.0, released in 2012. This vulnerability could be used by authors on a site to manipulate any files in the WordPress installation.

Here is a full list of the 102 different versions of Jetpack we’ve released today:

2.0.9, 2.1.7, 2.2.10, 2.3.10, 2.4.7, 2.5.5, 2.6.6, 2.7.5, 2.8.5, 2.9.6, 3.0.6, 3.1.5, 3.2.5, 3.3.6, 3.4.6, 3.5.6, 3.6.4, 3.7.5, 3.8.5, 3.9.9, 4.0.6, 4.1.3, 4.2.4, 4.3.4, 4.4.4, 4.5.2, 4.6.2, 4.7.3, 4.8.4, 4.9.2, 5.0.2, 5.1.3, 5.2.4, 5.3.3, 5.4.3, 5.5.4, 5.6.4, 5.7.4, 5.8.3, 5.9.3, 6.0.3, 6.1.4, 6.2.4, 6.3.6, 6.4.5, 6.5.3, 6.6.4, 6.7.3, 6.8.4, 6.9.3, 7.0.4, 7.1.4, 7.2.4, 7.3.4, 7.4.4, 7.5.6, 7.6.3, 7.7.5, 7.8.3, 7.9.3, 8.0.2, 8.1.3, 8.2.5, 8.3.2, 8.4.4, 8.5.2, 8.6.3, 8.7.3, 8.8.4, 8.9.3, 9.0.4, 9.1.2, 9.2.3, 9.3.4, 9.4.3, 9.5.4, 9.6.3, 9.7.2, 9.8.2, 9.9.2, 10.0.1, 10.1.1, 10.2.2, 10.3.1, 10.4.1, 10.5.2, 10.6.2, 10.7.1, 10.8.1, 10.9.2, 11.0.1, 11.1.3, 11.2.1, 11.3.3, 11.4.1, 11.5.2, 11.6.1, 11.7.2, 11.8.5, 11.9.2, 12.0.1, 12.1.1.

If your site is running any of these versions, your website is not vulnerable to this issue.

We have no evidence that this vulnerability has been exploited in the wild. However, now that the update has been released, it is possible that someone will try to take advantage of this vulnerability.

We apologize for any extra workload this may put on your shoulders today. We will continue to regularly audit all aspects of our codebase to ensure that your Jetpack site remains safe.

This entry was posted in Releases and tagged . Bookmark the permalink.
Releases
Jeremy Herve profile
Jeremy Herve

WordPress, TV Series, music, kids, and board games. I think that's probably the best way to define me in a few words. 🙂 I work at Automattic where I lead a team building tools for bloggers and creators. I talk a lot about WordPress things, but also about all things open source in general. I live in Brittany, France, so you'll also find me sharing pictures from our beautiful region from time to time.

Explore the benefits of Jetpack

Learn how Jetpack can help you protect, speed up, and grow your WordPress site. Get up to 50% off your first year.

Explore plans

Have a question?

Comments are closed for this article, but we're still here to help! Visit the support forum and we'll be happy to answer any questions.

View support forum