Automattic has started force installing a security patch on millions of websites today to address a critical vulnerability in the Jetpack WordPress plug-in.
Earlier today, we released a new version of Jetpack, 12.1.1. This release contains a critical security update. While we have no evidence that this vulnerability has been exploited yet, please update your version of Jetpack as soon as possible to ensure the security of your site.
To help you in this process, we have worked closely with the WordPress.org Security Team to release patched versions of every version of Jetpack since 2.0. Most websites have been or will soon be automatically updated to a secured version.
Jeremy Herve, Jetpack Mechanic 🚀 at Automattic.
Jetpack 12.1.1, the security patch currently automatically rolling out to all WordPress websites using the plug-in, started rolling out today and has already been installed on more than 4,130,000 sites using every version of Jetpack since 2.0.
This means that most vulnerable websites have already been automatically updated to the latest secure version, and the rest will soon be patched too.
