WordPress Jetpack Vulnerability

May 28, 2016

Jetpack Vulnerability

Protect yourself now if you’re using Jetpack

Jetpack, from WordPress, has announced a critical vulnerability in the plugin. The issue is in Jetpack's Shortcode Embeds module and allows an attacker to place a carefully crafted shortcode in a comment field to inject malicious JavaScript code.

If you don't have this module enabled then you are not at risk; however, we strongly recommend that you update Jetpack to the latest version immediately. As this is a cross-site scripting (XSS) vulnerability, the attacker could gain access to your admin account, inject SEO spam on affected pages or even divert customers to another site.

As always, only install plugins that you actually use, and only enable the Jetpack modules that you use.
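Because the issue is triggered by a shortcode placed in a comment, it is worth reviewing existing comments for shortcodes after updating. The following is an added example, not code from Jetpack or from the original post: it flags any comment containing an unescaped shortcode, since the post does not say which shortcode is affected. The "review"/"high" levels are an assumed heuristic and the sample comments are constructed.

```python
import re

# Matches an unescaped WordPress-style shortcode opening tag: [name attrs].
# "[[name]]" is WordPress's escape form (rendered as literal text), so skip it.
SHORTCODE = re.compile(r"(?<!\[)\[([A-Za-z][\w-]*)(\s[^\]]*)?\](?!\])")

def find_shortcodes(text):
    """Return (tag, attribute_text) for each unescaped shortcode in text."""
    return [(m.group(1).lower(), (m.group(2) or "").strip())
            for m in SHORTCODE.finditer(text)]

def triage_comments(comments):
    """Flag comments containing shortcodes for manual review.

    'high'   = the attribute text carries markup characters, which ordinary
               embed attributes (URLs, sizes) do not need (assumed heuristic).
    'review' = any other shortcode found in a visitor comment.
    """
    findings = []
    for comment_id, body in comments:
        for tag, attrs in find_shortcodes(body):
            level = "high" if re.search(r"[<>]", attrs) else "review"
            findings.append((comment_id, tag, level))
    return findings

# Constructed sample data standing in for rows exported from wp_comments
# (comment_ID, comment_content). None of this is real site data.
SAMPLE_COMMENTS = [
    (101, "Great post, thanks for the write-up!"),
    (102, 'Watch this: [video src="https://example.com/clip.mp4" width="400"]'),
    (103, "To show brackets literally, write [[gallery]] in the editor."),
    (104, 'Look [embed title="<b>hello</b>"]https://example.com/[/embed]'),
    (105, "See footnote [1] and reference [2] below."),
]

if __name__ == "__main__":
    for cid, tag, level in triage_comments(SAMPLE_COMMENTS):
        print(f"comment {cid}: shortcode [{tag}] -> {level}")
```

A flagged comment is only a candidate for manual review; most visitors have no reason to put shortcodes in comments, so the list should be short on a typical site.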

Credit to Marc-Alexandre Montpas from Sucuri for his research and responsible disclosure of this issue.

 

 

 
