According to Michael Mimoso over Threatpost, Automattic has released a new patch to the highly popular Jetpack for WordPress plugin. The patch addresses a vulnerability in stored XSS with and includes an update to the core WordPress engine, which is a rarely done.
Plugin insecurities have been the cause of many attacks and hacks against WordPress sites. The highly popular Jetpack plugin has been downloaded more than one million times from WordPress.org. Jetpack adds powerful features previously only available to WordPress.com users including customization, traffic, mobile, content, and performance tools.
Primarily, security issues related to WordPress originate with plugin vulnerabilities; and just last month, WordPress released version 4.3.1, patching three major vulnerabilities, including a very serious one found in the shortcodes feature.
To read more about this WordPress Jetpack Plugin Security Patch click on the link below to read the full article: