The Jetpack WordPress plugin, used on 27 million sites, has addressed a critical vulnerability allowing logged-in users to access forms submitted by others; the flaw was detected during an internal audit and existed since 2016, with a fix implemented in 101 different versions starting from 3.9.9; although no known exploits exist yet, the potential risk of abuse led to immediate updates; the issue, located in the Contact Form feature, was closely monitored and resolved in collaboration with the WordPress
org Security Team; this incident follows a previous critical flaw fix in June 2023 and a recent dispute between WordPress's founder and WP Engine, leading to the creation of Secure Custom Fields by WordPress.org. https://thehackernews.com/2024/10/wordpress-plugin-jetpack-patches-major.html