WordPress Jetpack Plugin XSS Vulnerability

Wordpress Jetpack plugin security update

A vulnerability was recently discovered in the WordPress Jetpack plugin that affects more than 1 million websites.

The vulnerability is reached through wp-comments and users are being advised to update their plugin immediately.

Am I at Risk?

The vulnerability, discovered by the team at Sucuri,  is found in the “Shortcode Embeds” module. This is a shortcode function that allows users to embed media. The vulnerability can be exploited through comments with precise shortcodes that will insert malicious Javascript code on your website.

As a cross-site scripting (XSS) vulnerability, attackers will have the ability to potentially take over admin accounts, insert SEO spam and even redirect visitors to malicious websites.

What Can I do?

Update your plugin immediately says the team at Sucuri.

Also, update your other outdated plugins as well. The leading cause of all vulnerabilities comes from outdated plugins.

Recommended Posts