The WordPress Jetpack plugin recently released a critical security update addressing a vulnerability that had existed since version 3.9.9 in 2016. This flaw allowed any logged-in user to access forms submitted by other visitors on websites using Jetpack, potentially compromising user privacy and data security.
The issue was identified in Jetpack’s Contact Form feature, which could be exploited by logged-in users to read forms submitted by site visitors.
This vulnerability impacted all Jetpack versions starting from 3.9.9 up until the release of the patch.
On October 13, 2024, Jetpack released version 13.9.1, which includes fixes for this vulnerability. Patches were also automatically applied for affected versions, ensuring sites are updated to secure versions.
Users are advised to verify that their Jetpack plugin has updated to one of the secure versions. If an automatic update hasn’t occurred, manual updating is recommended.
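One way to run that check from a shell on the web server, as an added example (not Jetpack's or Automattic's code). It reads the `Version:` header from the plugin's main file, which is assumed to sit at the default `wp-content/plugins/jetpack/jetpack.php`. Because this article names only 13.9.1 and does not list the patched releases for older branches, anything from 3.9.9 up to but not including 13.9.1 is reported as `review` rather than as vulnerable.

```shell
#!/bin/sh
# Added example: classify a Jetpack install against the versions named in the article.
FIRST_AFFECTED="3.9.9"   # first affected release, per the article
FIXED_LATEST="13.9.1"    # fixed release named in the article

# version_lt A B: succeeds when dotted version A is strictly lower than B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            p = (i <= n ? x[i] : 0) + 0; q = (i <= m ? y[i] : 0) + 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }'
}

# jetpack_version FILE: print the "Version:" value from the plugin header comment.
jetpack_version() {
    sed -n 's/^[ *]*Version:[[:space:]]*\([0-9][0-9A-Za-z.-]*\).*/\1/p' "$1" | head -n 1
}

# classify VERSION: print unknown, not-affected, review or patched.
classify() {
    [ -n "$1" ] || { echo "unknown"; return 0; }
    if version_lt "$1" "$FIRST_AFFECTED"; then
        echo "not-affected"   # older than the first affected release
    elif version_lt "$1" "$FIXED_LATEST"; then
        echo "review"         # affected range; may or may not be a patched branch release
    else
        echo "patched"        # 13.9.1 or newer
    fi
}

# Usage: sh check_jetpack.sh /var/www/html/wp-content/plugins/jetpack/jetpack.php
# (the path above is an assumed default install location)
if [ -n "${1:-}" ]; then
    v=$(jetpack_version "$1")
    echo "Jetpack ${v:-?}: $(classify "$v")"
fi
```

A `review` result means the installed version should be compared against the list of patched releases published by Jetpack before deciding whether a manual update is needed.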
While there’s no evidence of exploitation prior to the update, the public disclosure of this vulnerability might prompt attempts to exploit it in the future.
Jetpack, managed by Automattic, is used on approximately 27 million websites, making this update crucial for a significant portion of the WordPress ecosystem.
The update has been discussed across various social media platforms and tech support groups, where users and security experts highlighted the urgency of updating due to the critical nature of the security flaw.
Keeping WordPress, themes, and plugins updated is always recommended for security reasons. Jetpack’s automatic update feature for plugins helps in maintaining site security with minimal user intervention.
This WordPress Jetpack Plugin update not only patches a significant security hole but also underscores the importance of regular updates and security checks for all WordPress users, especially those using plugins like Jetpack, which manage sensitive user interactions through features like contact forms.