Sucuri just released a security advisory about the popular WordPress plugin Jetpack, now in use on over 1 million sites. The security problem is only with the Shortcode Embeds module, so if this isn’t actively running on your site you’re not at risk for this issue (but you should update anyway!). Here’s information from Jetpack […]
Another XSS security issue was found today in the popular poly-plugin Jetpack and the Twenty Fifteen default theme. Both use a set of web icons for blogs called Genericons and this is where the issue lies – an insecure file within the Genericons package. Read more about the problem. WP Minder clients, you’re already patched.