Jetpack Plugin Security Advisory
The wonderful team at Sucuri, a website security firm has found a concerning Cross Site Scripting vulnerability in a widely used plugin called Jetpack. During their regular research audits of their cloud-based firewall logs they found the vulnerability could be exploited through wp-comments.
Are you at Risk?
Sucuri states that the security hole is located in the Shortcode Embeds jetpack module, which means if you do not have this enabled then you are safe from this current security vulnerability.
If the Shortcode Embeds module is enabled the hacker can use the security hole to post a comment to inject bad code on your website.
The vulnerability is a form of Cross-site scripting vulnerability which means the hacker could use this security hole to take admin accounts, redirect traffic to malicious websites, or inject bad SEO such as spam throughout the site.
We recommend you update immediately!
Red Technologies recommends updating the plugin immediately to make sure you are not at risk of this exploit. If you are unsure how to update plugins or if you would like to talk with Red Technologies about how to protect your website and learn more about WordPress Security and Maintnenace services, visit https://redtechnologiesinc.com/what-we-do or click here to contact us!