During regular research audits for our Sucuri Firewall (Cloud-based WAF), we discovered a stored XSS vulnerability affecting the WordPress Jetpack plugin, currently installed on more than a million WordPress sites. The vulnerability can be easily exploited via wp-comments and we recommend everyone to update asap, if you have not done so yet. Vulnerability Disclosure Timeline:…

The post Security Advisory: Stored XSS in Jetpack appeared first on Sucuri Blog.