We received the following notice from one of the website security services wee subscribe to. We have evaluated and our parent company (The Image Stop ltd.) has implemented corrective measures to any of their current clients an can assure that all websites serviced under any of their Maintenance Packages have been secured against any issues and none have been affected.
We encourage clients and others reading this notice to take the measure noted below to safeguard their websites as well.
email from Sucuri Security
During a routine audit of our Web Application Firewall (WAF), we discovered a stored XSS vulnerability affecting the Jetpack WordPress Plugin, one of the most popular plugins of the WordPress ecosystem.
Security Risk: Dangerous
This email does not mean you are affected!! Being proactive in the protection of your site is one of the most important aspects of having a solid security posture. Therefore, we feel it’s important to research and report on all potential threats as quickly as possible.
The vulnerability affects users of Jetpack versions < = to 3.7 that use the contact form module present in the plugin, which is activated by default. An attacker can exploit this issue by providing a specially crafted malicious email address in one of the site’s contact form pages.