A critical stored XSS vulnerability in the Jetpack WordPress plugin was announced yesterday affecting anyone using Jetpack version 3.7 or lower. Jetpack is one of WordPress’ most popular plugins with over 1 million active installs; HostDime has highlighted the pros and cons of Jetpack in the past.
A stored XSS vulnerability is particularly nasty because an attacker can simply plant code on your web server and wait for you to log into WordPress. Here, the exploit affects the plugin's contact form module, which is activated by default. The attacker enters a malicious email address in the form, which gives the attacker access to the admin’s code.
For more technical details, head over to Sucuri to read how it was found.
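To find which WordPress installs on a server still run an affected Jetpack release (3.7 or lower, per the announcement above), the following added example walks a directory tree and reads each plugin's version header. It is not code from HostDime, Sucuri or the Jetpack project; the plugin path, the function names and the sample sites are assumptions constructed for illustration.

```python
import os
import pathlib
import re
import tempfile

LAST_VULNERABLE = (3, 7)  # advisory: "version 3.7 or lower"
# Assumption: the plugin's main file sits at this path inside each site and
# carries the standard WordPress plugin header line "Version: x.y.z".
PLUGIN_FILE = os.path.join("wp-content", "plugins", "jetpack", "jetpack.php")
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", re.I | re.M)

def parse_version(header_text):
    """Return the plugin version as a tuple of ints, or None if no header."""
    m = VERSION_RE.search(header_text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_vulnerable(version):
    """True when version <= 3.7; trailing zeros are ignored (3.7.0 == 3.7)."""
    v = list(version)
    while len(v) > 1 and v[-1] == 0:
        v.pop()
    return tuple(v) <= LAST_VULNERABLE

def audit(root):
    """Return {site_dir: (version, needs_upgrade)} for every Jetpack under root."""
    findings = {}
    for dirpath, dirnames, _ in os.walk(root):
        candidate = os.path.join(dirpath, PLUGIN_FILE)
        if not os.path.isfile(candidate):
            continue
        dirnames[:] = []  # site found: do not descend further into it
        with open(candidate, encoding="utf-8", errors="replace") as fh:
            version = parse_version(fh.read(8192))
        # A missing or unreadable header is flagged for manual review.
        findings[dirpath] = (version, version is None or is_vulnerable(version))
    return findings

def demo():
    """Audit three constructed sample sites built in a temporary directory."""
    samples = {"site-a": "3.7", "site-b": "3.7.1", "site-c": "3.5.3"}
    with tempfile.TemporaryDirectory() as root:
        for site, ver in samples.items():
            p = pathlib.Path(root, site, PLUGIN_FILE)
            p.parent.mkdir(parents=True)
            p.write_text("<?php\n/*\n * Plugin Name: Jetpack\n * Version: %s\n */\n" % ver, encoding="utf-8")
        return {os.path.basename(k): v for k, v in audit(root).items()}

if __name__ == "__main__":
    print(demo())
```

On a real host, call `audit()` with the directory that holds your sites' document roots and upgrade every install it flags.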
If you have any questions regarding the Jetpack upgrade, please do not hesitate to contact us.
Jared Smith is HostDime’s Content Strategist.