It is a warning to all WordPress users: update your Jetpack plug-in right now to protect your site from a huge security breach. CSO Online reports that the popular plug-in has a flaw that could make your site vulnerable to attacks.

Many are using Jetpack as a free tool for website optimization, management, and security features. With more than a million active installation, web security firm Sucuri is warning users about its findings. It claims to have found a stored cross-site scripting (XSS) vulnerability. All Jetpack released since 2012 are vulnerable and should be updated immediately.

The flaw was found in the Shortcode Embeds Jetpack module, where users are able to embed external material into their content. It can be used to add malicious JavaScript code into comments.

CSO explains how this can cause a huge problem for WordPress users.

“Since the JavaScript code is persistent, it will get executed in users’ browsers in the context of the affected website every time they view the malicious comment. This can be used to steal their authentication cookies, including the administrator’s session; to redirect visitors to exploits, or to inject search engine optimization (SEO) spam.”

Jetpack developers are answering causes for concern by working closely with WordPress’ security experts. They will push an update for all affected versions through an auto-update. Sucuri’s researcher, Marc-Alexandre Montpas explained the vulnerability a bit more.

“The vulnerability can be easily exploited via wp-comments and we recommend everyone to update asap, if you have not done so yet,” Montpas said.

This isn’t the first time a plug-in was found to cause a security issue with WordPress sites.

推荐阅读：
图中有多少个长方形　 一块正方形的纸板（如图），先剪下宽7厘米的长方形　 数学题:9个队员进行单循环制猜丁壳比赛　 数学题：有三位登山者要攀登一座荒无人烟的大山。出发时每人只能携带够6天的食物　 数学题：一个多位数四舍五入后是1亿，这个数最小是多少?　 新网站优化对于一个企业来说到底有多重要　 大学生如何在渗透测试行业立足　 网站渗透测试中的历程经验记录分析　 百度推出的“鸿雁计划”到底有什么用？对站长有哪些影响？　 如何构建高质量的网站？