Jetpack for WordPress: automatic protection
On April 10, 2014, a security flaw in the popular WordPress plugin Jetpack was discovered. The vulnerability allowed attackers to perform actions on blogs without logging in, such as posting content. This issue has been assigned CVE number CVE-2014-0173 and is fixed in Jetpack 2.9.3. All users of the plugin are advised to update immediately. CloudFlare customers using WordPress are automatically protected against this bug through a Web Application Firewall (WAF) rule, but upgrading Jetpack is still recommended for optimal security.
Company
Cloudflare
Date published
April 10, 2014
Author(s)
Simon Moore
Word count
187
Language
English
Hacker News points
None found.