Jetpack 13.9.1 Patches a Critical Security Flaw – WP Tavern
Jetpack 13.9.1, a critical security update, was released yesterday to fix a vulnerability in the Contact Form feature that had been present since 2016. This flaw allowed logged-in users of a site to access forms submitted by visitors.
The vulnerability was discovered during an internal security audit, prompting the Jetpack team to collaborate with the WordPress.org Security Team to release patches for all versions of Jetpack dating back to 3.9.9.

The Jetpack team also warned: “We have no proof that this vulnerability has been exploited in the wild. However, now that the update has been released, it’s possible that somebody will attempt to take advantage of this vulnerability.”
The Wordfence team shared that the plugin is “vulnerable to unauthorized access of data due to missing capability checks in the Contact_Form_Endpoint class in various versions up to, but not including, 13.9.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to read all Jetpack form submissions on the site.”
The vulnerability has been given a CVSS score of 4.3, and users are advised to update to Jetpack 13.9.1 to secure their websites.
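The bug class Wordfence describes, an endpoint that checks only that a user is logged in rather than what the user is allowed to do, is shown below as an added example. It is a simplified stand-alone model, not Jetpack or WordPress code: the role names and their capabilities follow WordPress defaults, while the function names, the sample submission and the choice of `edit_pages` as the required capability are assumptions made for illustration.

```php
<?php
// Simplified model of a missing capability check. NOT Jetpack or WordPress code.
// Role/capability pairs follow WordPress defaults; all function names are hypothetical.
const ROLE_CAPS = [
    'subscriber'    => ['read'],
    'editor'        => ['read', 'edit_posts', 'edit_pages'],
    'administrator' => ['read', 'edit_posts', 'edit_pages', 'manage_options'],
];

// Constructed sample data standing in for stored contact form submissions.
const SUBMISSIONS = [
    ['id' => 1, 'from' => 'visitor@example.com', 'message' => 'Please call me back'],
];

function user_can(?array $user, string $cap): bool {
    return $user !== null && in_array($cap, ROLE_CAPS[$user['role']] ?? [], true);
}

// Before: authentication only. Any logged-in role, including subscriber, gets the data.
function list_submissions_vulnerable(?array $user): array {
    if ($user === null) {
        return ['status' => 401, 'body' => []];
    }
    return ['status' => 200, 'body' => SUBMISSIONS];
}

// After: authentication plus authorization. 'edit_pages' is an assumed capability
// for this model, not necessarily the one the real patch checks.
function list_submissions_fixed(?array $user, string $required_cap = 'edit_pages'): array {
    if ($user === null) {
        return ['status' => 401, 'body' => []];
    }
    if (!user_can($user, $required_cap)) {
        return ['status' => 403, 'body' => []];
    }
    return ['status' => 200, 'body' => SUBMISSIONS];
}

// Compare both handlers for an anonymous visitor, a subscriber and an editor.
$cases = [null, ['login' => 'sub', 'role' => 'subscriber'], ['login' => 'ed', 'role' => 'editor']];
foreach ($cases as $user) {
    $who = $user['role'] ?? 'anonymous';
    printf("%-11s vulnerable=%d fixed=%d\n", $who,
        list_submissions_vulnerable($user)['status'],
        list_submissions_fixed($user)['status']);
}
```

The subscriber row is the one that matters: the first handler returns 200 with the submissions, the second returns 403.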
The Jetpack team reassured users, stating, “We will continue to regularly audit all aspects of our codebase to ensure that your Jetpack site stays protected.”