We received the following notice from one of the website security services we subscribe to. We have evaluated and implemented corrective measures to any of our current clients an can assure that all websites under any of our Maintenance Packages have been secured against any issues and none have been affected.
We encourage clients and others reading this notice to take the measure noted below to safeguard their websites as well.
email from Sucuri Security to The Image Stop ltd.
During a routine audit of our Web Application Firewall (WAF), we discovered a stored XSS vulnerability affecting the Jetpack WordPress Plugin, one of the most popular plugins of the WordPress ecosystem.
Security Risk: Dangerous
This email does not mean you are affected!! Being proactive in the protection of your site is one of the most important aspects of having a solid security posture. Therefore, we feel it’s important to research and report on all potential threats as quickly as possible.
The vulnerability affects users of Jetpack versions < = to 3.7 that use the contact form module present in the plugin, which is activated by default. An attacker can exploit this issue by providing a specially crafted malicious email address in one of the site’s contact form pages.
**NOTE** Unfortunately, due to a dramatic increase in spam we have had to shut down comments for our blog. That said, we do welcome your thoughts and ask that you send the to is via our Contact page. Thank you again for reading and have a great day. Article By: greg T: The Image Stop Ltd. greg T is a graphics and website designer with a foundation and education in marketing and advertising. He has been sought after and consults for several companies concerning their online presence and strategies. For more information or to consult with greg about your company needs use our Contact page and he will reply to you directly.