Today a critical vulnerability was found in one of the most popular and widely used WordPress plugins – Jetpack. Fortunately, according to the plugin authors there is no evidence that this issue has been used to hack real sites. However, an update of the plugin was released – Jetpack 4.0.3.
As usual, our security team was pro-active and updated our WAF (web application firewall), adding rules to prevent the hack from being used. This means that even if your plugin is not updated to the latest version, your site will still be protected. However, we urge all Jetpack users to update the plugin to its latest version in which the vulnerability is patched.