A vulnerability was recently discovered in the WordPress Jetpack plugin that affects more than 1 million websites.
The vulnerability is reached through wp-comments and users are being advised to update their plugin immediately.
Am I at Risk?
The vulnerability, discovered by the team at Sucuri, is found in the “Shortcode Embeds” module, a shortcode function that allows users to embed media. It can be exploited through comments containing carefully crafted shortcodes that insert malicious JavaScript code on your website.
Because this is a cross-site scripting (XSS) vulnerability, attackers could potentially take over admin accounts, insert SEO spam, and even redirect visitors to malicious websites.
What Can I Do?
Update your plugin immediately, says the team at Sucuri.
Also update your other outdated plugins. The leading cause of all vulnerabilities is outdated plugins.