A severe vulnerability in Jetpack has been disclosed and patched. The bug allows attackers to publish posts, and has existed since 2012. The Jetpack blog post states the following: During an internal security audit, we found a bug that allows an attacker to bypass a site’s access controls and publish posts. This vulnerability could be combined…
Friday was a bit slow so I figured I’d wait for a weekend edition. We’re going to pack it all into one Note. Jetpack had two vulnerabilities: one in the contact form (technically explained by Sucuri) and one limited to specific hosting configurations. They also showed off their new plugin browser I mentioned last week….
Beka Rice and I cover the week in WordPress news with a short format (~15 minute) podcast. This week we talk about Mesh (an upcoming app by Automattic), 4.3 and 4.4 release leads, April Fools’, and Array’s year in review.
WordPress.com has a new post editor that you can also use if you have a Jetpack-enabled WordPress site. Apparently it’s really fast. Improvements like these are important for their platform, and it seems well received in the comments.
Before now, deleting Jetpack-enabled sites from WordPress.com was pretty hard unless you were in the WordPress admin. Now you can finally do it from the WordPress.com side, which is nice when the site no longer exists.
We’re sad to report that Alex Mills passed away on Wednesday evening. His loss is felt deeply and widely in the community and to his friends and family. Many people know about Alex from his software, his responsibilities at Automattic on the Jetpack team, and his long-time involvement in the WordPress community. Stephane Daury offered a better…