An important security update has been released for the Jetpack plugin.

You can protect yourself by upgrading to the latest version of Jetpack 4.0.3, under Dashboard → Updates in your WordPress dashboard.

With our release of version 1.8.3 of the VaultPress plugin, we have implemented a fix for this threat in order to protect any VaultPress customers that are running an outdated version of Jetpack. We automatically upgraded as many sites as we could to this new version of VaultPress. 

The security update fixed a vulnerability that allowed an attacker to exploit the way that some Jetpack shortcodes are processed. This bug has existed since Jetpack 2.0, released in November 2012. Thank you to Marc-Alexandre Montpas from Sucuri for his research and responsible disclosure of this issue. According to the Jetpack team, there is no evidence of this threat being used out in the wild. With this announcement though, exploits will begin to occur and it’s crucial updates are taken care of!

To make sure you are protected, please review these resources:

Jetpack 4.0.3 Security Update – FAQs
How to install the Jetpack 4.0.3 Security Update

As always, if you have any questions or concerns, drop us a line!