A couple of important security and maintenance updates have been released for the Jetpack plugin.

You can protect yourself by upgrading to the latest version of Jetpack 3.7.2, under Dashboard → Updates in your WordPress dashboard.

The security updates fixed a vulnerability, reported by Sucuri, that allowed an attacker to exploit the contact form present in Jetpack through a specially crafted malicious email address. A vulnerability was also reported by Jaime Delgado Horna of Listae that showed that Jetpack version 3.7.0 is vulnerable to an information disclosure vulnerability in certain hosting configurations.

Both of these threats have been addressed in the recent update.

We have attempted to automatically upgrade any VaultPress customers that are running an outdated version of Jetpack. You can verify that you’re running the latest version of Jetpack 3.7.2, on the Plugins page in your WordPress dashboard.

As always, if you have any questions, drop us a line!