WordPress Forced Updates vs Auto-Updates and Abusing User Defined Intent

On June 1st, Automattic’s Jetpack plugin released an update to patch an exploitable vulnerability. The vulnerability was found in its Carousel feature. The release invites plugin users to update their version. It warns that, while the vulnerability is not known to be actively exploited, it could be now that the update has been released. One thing it fails to …