WordPress plugin (Jetpack) Vulnerability
We received the following notice from one of the website security services we subscribe to. We have evaluated and implemented corrective measures to any of our current clients an can assure that all websites under any of our Maintenance Packages have been secured against any issues and none have been affected.
We encourage clients and others reading this notice to take the measure noted below to safeguard their websites as well.
email from Sucuri Security to The Image Stop ltd.
During a routine audit of our Web Application Firewall (WAF), we discovered a stored XSS vulnerability affecting the Jetpack WordPress Plugin, one of the most popular plugins of the WordPress ecosystem.
Security Risk: Dangerous
This email does not mean you are affected!! Being proactive in the protection of your site is one of the most important aspects of having a solid security posture. Therefore, we feel it’s important to research and report on all potential threats as quickly as possible.
The vulnerability affects users of Jetpack versions < = to 3.7 that use the contact form module present in the plugin, which is activated by default. An attacker can exploit this issue by providing a specially crafted malicious email address in one of the site’s contact form pages.
Owner and Creative Director | The Image Stop ltd.
Greg has been in marketing and advertising for over 30 years, 23 of the last years as owner of The Image Stop ltd. His background and schooling in this area coupled with his studies in human psychology have created repeated successes for bot his company and clients alike. For fun Greg practises and performs as a magician / impersonator and mentalist.
Mailing Address: 47 Cedarbrook Close SW Calgary, Alberta T2W 5B8