Jetpack 12.1.1: Critical Security Update

Updated on May 30, 2023 - Jeremy Herve

Earlier today, we released a new version of Jetpack, 12.1.1. This release contains a critical security update. While we have no evidence that this vulnerability has been exploited yet, please update your version of Jetpack as soon as possible to ensure the security of your site.

To help you in this process, we have worked closely with the WordPress.org Security Team to release patched versions of every version of Jetpack since 2.0. Most websites have been or will soon be automatically updated to a secured version.

During an internal security audit, we found a vulnerability with the API available in Jetpack since version 2.0, released in 2012. This vulnerability could be used by authors on a site to manipulate any files in the WordPress installation.

Here is a full list of the 102 different versions of Jetpack we’ve released today:

2.0.9, 2.1.7, 2.2.10, 2.3.10, 2.4.7, 2.5.5, 2.6.6, 2.7.5, 2.8.5, 2.9.6, 3.0.6, 3.1.5, 3.2.5, 3.3.6, 3.4.6, 3.5.6, 3.6.4, 3.7.5, 3.8.5, 3.9.9, 4.0.6, 4.1.3, 4.2.4, 4.3.4, 4.4.4, 4.5.2, 4.6.2, 4.7.3, 4.8.4, 4.9.2, 5.0.2, 5.1.3, 5.2.4, 5.3.3, 5.4.3, 5.5.4, 5.6.4, 5.7.4, 5.8.3, 5.9.3, 6.0.3, 6.1.4, 6.2.4, 6.3.6, 6.4.5, 6.5.3, 6.6.4, 6.7.3, 6.8.4, 6.9.3, 7.0.4, 7.1.4, 7.2.4, 7.3.4, 7.4.4, 7.5.6, 7.6.3, 7.7.5, 7.8.3, 7.9.3, 8.0.2, 8.1.3, 8.2.5, 8.3.2, 8.4.4, 8.5.2, 8.6.3, 8.7.3, 8.8.4, 8.9.3, 9.0.4, 9.1.2, 9.2.3, 9.3.4, 9.4.3, 9.5.4, 9.6.3, 9.7.2, 9.8.2, 9.9.2, 10.0.1, 10.1.1, 10.2.2, 10.3.1, 10.4.1, 10.5.2, 10.6.2, 10.7.1, 10.8.1, 10.9.2, 11.0.1, 11.1.3, 11.2.1, 11.3.3, 11.4.1, 11.5.2, 11.6.1, 11.7.2, 11.8.5, 11.9.2, 12.0.1, 12.1.1.

If your site is running any of these versions, your website is not vulnerable to this issue.

We have no evidence that this vulnerability has been exploited in the wild. However, now that the update has been released, it is possible that someone will try to take advantage of this vulnerability.

We apologize for any extra workload this may put on your shoulders today. We will continue to regularly audit all aspects of our codebase to ensure that your Jetpack site remains safe.

This entry was posted in Releases and tagged . Bookmark the permalink.
Jeremy Herve profile
Jeremy Herve

Jetpack Mechanic 🚀 at Automattic. WordPress, board games, TV Series, music.

Explore the benefits of Jetpack

Learn how Jetpack can help you protect, speed up, and grow your WordPress site.

Get up to 50% off your first year.

Compare plans

Have a question?

Comments are closed for this article, but we're still here to help! Visit the support forum and we'll be happy to answer any questions.

View support forum

  • Enter your email address to follow this blog and receive news and updates from Jetpack!

    Join 112.3K other subscribers

  • Browse by Topic

    • %d bloggers like this: