The Jetpack WordPress plugin has addressed a critical vulnerability allowing logged-in users to access others' form submissions, impacting 27 million sites since 2016.
'The vulnerability… could be used by any logged in users on a site to read forms submitted by visitors on the site,' explained Jetpack's Jeremy Herve.
Jetpack, developed by Automattic, the makers of WordPress, is widely used and has now been updated to remediate a flaw affecting previous versions.
Despite no evidence of the vulnerability being exploited, public disclosure heightens the risk of potential abuse, necessitating prompt action from plugin maintainers.
Collection
[
|
...
]