/plushcap/analysis/cloudflare/our-waf-is-keeping-wordpress-jetpack-on-track

Jetpack for WordPress: automatic protection

What's this blog post about?

On April 10, 2014, a security flaw in the popular WordPress plugin Jetpack was discovered. The vulnerability allowed attackers to perform actions on blogs without logging in, such as posting content. This issue has been assigned CVE number CVE-2014-0173 and is fixed in Jetpack 2.9.3. All users of the plugin are advised to update immediately. CloudFlare customers using WordPress are automatically protected against this bug through a Web Application Firewall (WAF) rule, but upgrading Jetpack is still recommended for optimal security.

Company
Cloudflare

Date published
April 10, 2014

Author(s)
Simon Moore

Word count
187

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.