WordPress Force Installs Security Update for Jetpack Plugin
Developer Automattic is forcibly rolling out a security update to WordPress plugin Jetpack to fix a vulnerability in the carousel feature. It is not clear what kind of vulnerability this is.
The vulnerability was discovered in the plugin’s carousel feature according to Bleeping Computer. Furthermore, the developer does not specify what kind of vulnerability it is and what the risks of the vulnerability are. As far as we know, the vulnerability has not been exploited.
Automattic installs the patch on more than five million WordPress sites. These are all WordPress sites that have Jetpack 2.0 or a later version installed. The update will be installed automatically.
This isn’t the first time WordPress has used the ability to force an update to install. The security team of the content management system has already installed updates automatically several times to close security holes.
The Jetpack update patch notes contain a current list of updated versions of the plugin.