WPEngine Jetpack = security issues?

  • Resolved stl99

    (@stl99)


    10 years, 5 months ago

    Hi there,

    A couple of months ago hosting company WPEngine informed me about possible security risks when using the Jetpack share via email feature. I recently contacted them again regarding this and they told me Jetpack still needs to fix this.. Here’s what they told me:

    “We are contacting you to inform you of a proactive security change we are taking regarding the Jetpack plugin which is used on your site. The Jetpack team has identified that attackers can send spam through the “send to email address” form and they’re working on closing this loophole. You can see their findings and recommendations in this forum thread https://www.ads-software.com/support/topic/jetpack-social-sharing-feature-exploited-to-send-thousands-of-spam-messages

    At WP Engine, it is our responsibility to provide our customers with a secure hosting environment. As such, we have temporarily disabled the email sharing feature in Jetpack for our customers. No other sharing endpoints (see: Twitter, Facebook, etc.), sharing plugins or Jetpack functionality has been disabled.

    Once the Jetpack team has released a fix, we will re-enable email sharing and notify you that an upgrade is available. Should you have any questions in the interim, please feel free to contact our Support team.

    WP Engine Security Team”

    Any ideas when this will be solved?

    Cheers,
    Thomas

    https://www.ads-software.com/plugins/jetpack/

Viewing 5 replies - 1 through 5 (of 5 total)
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘WPEngine Jetpack = security issues?’ is closed to new replies.