Announced by Sucuri today Oct 01, 2015...
Quote:
Security advisory: Stored XSS in Jetpack
Security Risk: Dangerous
Exploitation Level: Easy/Remote
DREAD Score: 8/10
Vulnerability: Stored XSS
Patched Version: 3.7.1
During a routine audit for our WAF, we discovered a critical stored XSS affecting the Jetpack WordPress plugin, one of the most popular plugin of the WordPress ecosystem.
|
https://blog.sucuri.net/2015/10/secu...n-jetpack.html
http://jetpack.me/news/
If you are using the WP JetPack Plugin you will want to immediately upgrade the plugin or disable if unable to upgrade immediately.
https://wordpress.org/plugins/jetpack/
As always FutureQuest encourages anyone running any scripts, such as
WordPress, to ensure they maintain the most up to date version and install
any patches released to reduce the chances of a compromise of your site.
This also includes any plugins, addons and themes...
It is always best to subscribe to any Security or Update mailing list provided
by the Authors of the script(s) you are running.
The FutureQuest Team
Linear Mode
