As many of you are well aware, Jetpack is a utility plugin offered by WordPress.com.
I personally don’t use it because it’s heavy, and I also don’t find the functionality Jetpack offers very compelling.
Sucuri have found a stored cross-site scripting (XSS) vulnerability that affects all Jetpack releases since 2012, starting with version 2.0.
An XSS vulnerability doesn’t put the site at risk per se.
However, XSS vulnerabilities are known to grant a skilled attacker the possibility of taking over user accounts, including the main admin profile. Sucuri points out that you don’t necessarily have to take over a user account, though, and attackers could simply use this XSS flaw to insert SEO spam on a site or embed redirections that will steal Web traffic.
The Jetpack team released version 4.0.3 on May 26 to address the issue discovered and reported by Sucuri on May 12.
This post was written by hackya