Have a WordPress Website? Make Sure You Update These Plugins!
If you have Jetpack or WP Mobile Detector plugins installed on your WordPress website then you may want to stop reading this and go make sure you’re running the latest version.
Internet security firm Sucuri recently discovered critical vulnerabilities within both the Jetpack and WP Mobile Detector plugins that can leave websites wide open to cyberattacks.
#1 Plugin to Update: Jetpack
The widely-used Jetpack plugin contains a stored XSS vulnerability that can be “easily exploited” by an attacker to inject spam into pages, redirect visitors to malicious sites or even hijack admin accounts. That’s a pretty significant bug for a plugin used on over 1 million websites to have.
On the upside, the flaw is associated with the Shortcode Embeds feature within Jetpack, so if you have that disabled then your site is NOT at risk. Still, it would be a good idea to update to Jetpack 4.0.3 ASAP.
#2 Plugin to Update: WP Mobile Detector
The budding WP Mobile Detector plugin had a 0-day arbitrary file upload vulnerability that attackers could use to upload malicious files into the target site, according to the related Sucuri blog post.
Users were initially advised to uninstall the plugin completely, but now the threat can be mitigated by updating to version 3.6 or higher.
Tired of Having to Manage WordPress Updates?
Keeping up with WordPress updates is vital to website security, so you may want to consider opting for a website maintenance plan if you’re having trouble keeping your WordPress site up-to-date. We provide cost-effective WordPress maintenance packages so you don’t have to worry about applying updates. Contact us to learn more!