Jetpack 3.7.2 Patches Two Security Vulnerabilities



Jetpack 3.7.2 is available for download and patches two security vulnerabilities. The first is a cross-site scripting vulnerability in the contact form, caused by improper input sanitization, that affects Jetpack 3.7.0 and below. Marc-Alexandre Montpas of Sucuri is credited with responsibly disclosing the vulnerability.

The second is an information disclosure vulnerability present in certain hosting configurations, responsibly disclosed by Jaime Delgado Horna of Listae. In addition to patching the vulnerabilities, 3.7.2 also fixes an error with the REST API that creates multiple drafts and published posts. Other notable fixes include:

  • Updating the Google+ logo in our sharing buttons.
  • Adding custom capabilities for module management for multisite installs.
  • Fixing a bug that was sending the contact form response fields in the wrong order.

Montpas has additional information on the cross-site scripting vulnerability discovered in Jetpack on the Sucuri blog, including a timeline of events. Please update to Jetpack 3.7.2 as soon as possible to protect your sites.

WordPress Tavern


Anand Narayanaswamy
Anand Narayanaswamy is the editor-in-chief of Learnxpress. He was a Microsoft Most Valuable Professional (MVP) for a period of 9 years. He is an ASPInsider based in Trivandrum, Kerala State, India. Anand is the author of Community Server Quickly, published by Packt Publishing.
