WordPress plugin (Jetpack) Vulnerability
![](https://theimagestop.com/wp-content/uploads/2015/10/iS_Square_CIRCLE_NOTICE.jpg)
We encourage clients and others reading this notice to take the measure noted below to safeguard their websites as well.
Email from Sucuri Security to The Image Stop Ltd.
During a routine audit of our Web Application Firewall (WAF), we discovered a stored XSS vulnerability affecting the Jetpack WordPress Plugin, one of the most popular plugins of the WordPress ecosystem.
Security Risk: Dangerous
This email does not mean you are affected!! Being proactive in the protection of your site is one of the most important aspects of having a solid security posture. Therefore, we feel it’s important to research and report on all potential threats as quickly as possible.
Synopsis:
The vulnerability affects users of Jetpack versions <= 3.7 that use the contact form module present in the plugin, which is activated by default. An attacker can exploit this issue by providing a specially crafted malicious email address in one of the site’s contact form pages.
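A quick way to check a site against the condition in the synopsis, as an added example that is not part of the Sucuri email or of Jetpack's code: it reads the `Version:` line from a plugin header and compares it numerically with 3.7. The sample header is constructed, and the function names and the `contact_form_active` flag are assumptions made for this illustration.

```python
import re

LAST_AFFECTED = (3, 7)  # threshold from the notice: versions <= 3.7

# Constructed sample of a plugin header comment, not a real jetpack.php.
SAMPLE_HEADER = """<?php
/*
 * Plugin Name: Jetpack by WordPress.com
 * Version: 3.6.1
 */
"""


def header_version(php_source):
    """Return the 'Version:' value from a WordPress plugin header, or None."""
    match = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", php_source,
                      re.IGNORECASE | re.MULTILINE)
    return match.group(1) if match else None


def parse_version(text):
    """'3.7.1' -> (3, 7, 1); a suffix such as '-beta2' is ignored."""
    parts = []
    for piece in text.strip().split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    if not parts:
        raise ValueError("no numeric version in %r" % text)
    return tuple(parts)


def is_affected_version(text):
    """True when the version is <= 3.7, compared numerically, not as strings."""
    version = parse_version(text)
    width = max(len(version), len(LAST_AFFECTED))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) <= pad(LAST_AFFECTED)


def exposure(php_source, contact_form_active=True):
    """Classify a site; the module defaults to active, as the notice states."""
    found = header_version(php_source)
    if found is None:
        return "unknown"
    if not is_affected_version(found):
        return "not affected"
    return "affected" if contact_form_active else "outdated, module off"


if __name__ == "__main__":
    print(exposure(SAMPLE_HEADER))
```

Comparing the parts as integers matters here: a plain string comparison would rank a constructed version such as "3.10" below "3.7" and report it as affected.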