Protect yourself now if you’re using Jetpack
JetPack from WordPress have announced a critical vulnerability for this plugin. The issue is with the shortcode embeds function JetPack Module and allows a hacker to carefully place a shortcode in a comments field to inject malicious JavaScript code.
If you dont have this module enabled then you are not at risk, however we strongly recommend that you update your version of Jetpack immediately to the latest version.As this is a cross site (XSS) vunarability the attacker could gain access to your admin account, inject SEO spam on affected pages or even divert customers to another site.
As always only have plugins installed that you actually use, furthermore only have modules in Jetpack enabled that you use.
Credit to Marc-Alexandre Montpas from Securi for his research and responsible disclosure of this issue.