A vulnerability was found in the MailPoet Newsletters WordPress plugin ( known as wysija-newsletters at the WordPress.org plugin repository ). All versions below 2.6.7 of the plugin are vulnerable.

We’ve deployed a hot fix to VaultPress sites running the MailPoet plugin to protect you from this issue. This hot fix is included as part of the VaultPress 1.6.1 plugin.

When you are ready you should still update to the latest version of the MailPoet plugin. The hot fix that we pushed out addresses the vulnerability, so you have some time to review the update before upgrading.

Providing VaultPress with SSH, SFTP, or FTP connections allows us to push security updates like this to your sites as soon as we have hot fixes for them. You can provide the login credentials in the VaultPress.com account dashboard.

If you have any questions about this update please drop us a note.