This is a warning to all WordPress users: update your Jetpack plug-in right now to protect your site from a huge security breach. CSO Online reports that the popular plug-in has a flaw that could make your site vulnerable to attacks.
Many site owners use Jetpack as a free tool for website optimization, management, and security features. The plug-in has more than a million active installations, and web security firm Sucuri is warning users about its findings. It claims to have found a stored cross-site scripting (XSS) vulnerability. All Jetpack versions released since 2012 are vulnerable and should be updated immediately.
CSO explains how this can cause a huge problem for WordPress users.
Jetpack developers are responding to the concern by working closely with WordPress’ security experts. They will push an update for all affected versions through an auto-update. Sucuri’s researcher, Marc-Alexandre Montpas, explained the vulnerability a bit more.
“The vulnerability can be easily exploited via wp-comments and we recommend everyone to update asap, if you have not done so yet,” Montpas said.
This isn’t the first time a plug-in was found to cause a security issue with WordPress sites.