Most of those who used WordPress to create their websites have probably heard of a tool called JetPack. According to security researchers, the plugin has had a major vulnerability which allowed hackers to inject malicious code into the websites ever since 2012. The good news is that the JetPack team has released fixes for all the available versions of the plugin, but you will need to upgrade as soon as possible so that your website's visitors will no longer be at risk.
For those of you who aren't familiar with the topic, the JetPack plugin offers those who create websites using the WordPress platform free options for optimization, management and security. It's actually quite popular, with over 1 million installs, so you can understand why this vulnerability poses a major problem. The flaw that was discovered by the researchers from a company called Sucuri is located in the Shortcuts Embeds module, a segment that allows developers to embed third-party content such as videos, documents, images, tweets, etc. into websites. Once the malware was injected, the attackers would be able to redirect the website's visitors to fraudulent websites or steal their authentication cookies.
In his announcement regarding the security breach Sucuri's Marc-Alexandre Montpas wrote: "The vulnerability can be easily exploited via wp-comments and we recommend everyone to update asap, if you have not done so yet." JetPack's team has already created fixes for all the plugin's version, and if you need more details about them or if you want to install patch, you should visit the product's official website.
If you're someone who likes to or would want to create their own website, then you should also check out some of our older articles such as: "The Basics of Web Development: Part I" or "Best Tools to Help You Build Your Own Website".