Jetpack plug-in for WordPress vulnerable to XSS
A million users could be at risk.
Bloggers using the WordPress platform are being advised to update the Jetpack plug-in to avoid a cross-site scripting vulnerability.
One million users of the plug-in – which was developed by Automattic, the makers of WordPress – could be at risk. The tool provides website enhancements, management and security features.
The flaw – which impacts Jetpack releases since 2012, beginning with v2.0 – was detected by web security firm Sucuri. The bug is located in the Shortcode Embeds Jetpack module, a shortcut function enabled by default that allows users to embed videos, images, documents, tweets and other materials.
Update as soon as possible, said the researchers.