A Zero-Day vulnerability has been discovered in the Jetpack plugin in Wordpress
The vulnerability in the Jetpack plugin which is able to process embed code:
Call to action
The JetPack plugin was updated on November 19, 2019. Wordpress Toolkit will automatically install Jetpack update if auto-updates are enabled.
If auto-updates are disabled it is required to update the Jetpack plugin manually as soon as possible to the 7.9.1 version or higher.
To find the Wordpress instances with installed JetPack plugin use the following solutions:
- Log in to Plesk
- Go to Wordpress > Plugins and type in search field "Jetpack". It will show all the websites with Jetpack installed and information about the installed version: