Jetpack WordPress plugin vulnerability

Apparently, jetpacks are dangerous for more than the obvious reason. It was announced yesterday that the popular WordPress plugin, Jetpack was discovered to have a security hole that allows a serious Cross-Site Scripting (XSS) vulnerability to be injected. This security hole is a high-level threat and effects any Jetpack installation up to and including version 3.7.

Please check your plugins directory and update Jetpack to the current patched version immediately.

Unlike many other XSS attacks, this one is an especially nasty Stored XSS vulnerability. It allows code to be injected into a web server through the exploited plugin. When a user then logs into your site it allows the malicious code to have the ability to compromise that user. If you are a Cinch customer, your site has already been evaluated and updated as needed.

On the lighter side of the web, there is this.

Leave a Reply

Your email address will not be published. Required fields are marked *

See if Cinch is right for you.

Ask us anything. Seriously. Like, what is the air speed velocity of an unladen swallow?

Start a chat right now

Or go ahead and Sign up now