Jetpack 2.9.3: Critical Security Update - Vulnerability Database

Description

Jetpack versions 1.9 through 2.9.2 contain an authentication bypass vulnerability that allows unauthorized users to circumvent access controls and publish content. This flaw was discovered during an internal security audit by the Jetpack team and has been present since October 2012.

The vulnerability can be exploited remotely without authentication and may be chained with other attacks to achieve privilege escalation. All installations running affected versions should be updated immediately to version 2.9.3 or later.

Remediation

Immediately upgrade Jetpack to version 2.9.3 or later to remediate this vulnerability. Follow these steps:

  1. Log in to your WordPress admin dashboard
  2. Navigate to Plugins → Installed Plugins
  3. Locate Jetpack in the plugin list and click Update Now
  4. Verify the update completed successfully by confirming the version number is 2.9.3 or higher
  5. Review recent posts and site activity for any unauthorized content published during the vulnerable period

If automatic updates are enabled, verify that the update has been applied. For sites with custom deployment processes, ensure version 2.9.3+ is deployed across all environments. Consider enabling WordPress automatic security updates to prevent similar delays in future critical patches.
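
For sites with custom deployment processes, the version check from step 4 can be scripted across environments. The script below is an added example, not part of the original advisory or of Jetpack's own code. It assumes the plugin's main file sits at `wp-content/plugins/jetpack/jetpack.php` under each WordPress root and reads the `Version:` field of the plugin header; the function names and the sample environments are constructed for illustration.

```shell
# Added example: check Jetpack installs against this advisory (affected: 1.9 through 2.9.2; fixed: 2.9.3+).

# Compare dotted versions numerically (so 2.10 > 2.9.3): prints -1, 0 or 1.
ver_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "[.]"); nb = split(b, y, "[.]")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {          # missing components count as 0
            if (x[i] + 0 < y[i] + 0) { print -1; exit }
            if (x[i] + 0 > y[i] + 0) { print 1; exit }
        }
        print 0
    }'
}

# Read the "Version:" field from a plugin's main-file header comment.
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" 2>/dev/null | head -n 1
}

# Print "patched", "affected" or "older" (before 1.9) plus the version, or "unknown".
jetpack_status() {
    v=$(plugin_version "$1")
    if [ -z "$v" ]; then echo "unknown"
    elif [ "$(ver_cmp "$v" 2.9.3)" -ge 0 ]; then echo "patched $v"
    elif [ "$(ver_cmp "$v" 1.9)" -ge 0 ]; then echo "affected $v"
    else echo "older $v"
    fi
}

# Check each WordPress root given; return 1 if any install is still affected.
# Assumed layout: <root>/wp-content/plugins/jetpack/jetpack.php
scan_sites() {
    rc=0
    for root in "$@"; do
        s=$(jetpack_status "$root/wp-content/plugins/jetpack/jetpack.php")
        echo "$root: $s"
        case $s in affected*) rc=1 ;; esac
    done
    return $rc
}

# Constructed sample environments (not real sites), one per deployment stage.
demo=$(mktemp -d)
for pair in staging:2.9.2 production:2.9.3 legacy:1.8.2; do
    d="$demo/${pair%%:*}/wp-content/plugins/jetpack"; mkdir -p "$d"
    printf '<?php\n/*\n * Plugin Name: Jetpack\n * Version: %s\n */\n' "${pair#*:}" > "$d/jetpack.php"
done
scan_sites "$demo/staging" "$demo/production" "$demo/legacy" || echo "update required"
```

The non-zero return from `scan_sites` lets a deployment pipeline fail the build while any environment still reports an affected version.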
