Yesterday it gave warning about a serious security flaw detected in one of the most famous and used within the WordPressplatform modules. We talk specifically about Jetpack , and according to the users who have managed to detect the fault, apparently the same enabled theft of user credentials. Because of this has been sent urgent messages so that all administrators of platforms based on WordPress which used this module well it turns off or upgrading to a corrected version of the same.
If you have not ever worked with WordPress you will not know very well what I’m talking about and what has been the exact problem. By way of detail, let know you that Jetpack is possibly the most popular and used plug-in for all managers whose websites make use of this content management system. What gives this plug-in is basically various extras to add to the control panel that offers WordPress in a way that significantly improve the administration of the site thanks to a series of modules that you can activate and deactivate completely independently.
At least we can now announce that after this terrible bug in the security of the company behind its development, Automatic, Jetpack also responsible for the development of WordPress, it has launched an update of safety to all administrators, as has been announced, they should be installed as soon as they are aware of the problem. As detail, let know you that the fault has been located in the module Shortcode Embeds Jetpackitself that is responsible for allowing the inclusion of images, external videos, documents…
This failure has been detected by the company Sucuri and affects all subsequent 2012 Jetpack, specifically to the 2.0 version of the well-known WordPress module. Because of this problem, any advanced user could easily inject malicious JavaScript code allowing you to steal the cookies of the user, including all kinds of keys and access credentials, and even redirect it to exploits.
More information: pcword
