We are reaching out to you today to alert you to a vulnerability that has the potential to impact websites utilizing the JetPack plugin. We feel it is our responsibility to keep our community informed and, as always, we are happy to answer your questions.
Because it is a Stored Cross-Site Scripting (XSS) vulnerability, it could allow an attacker to hijack administrator accounts, inject SEO spam into the affected page, and redirect visitors to malicious websites.
Being proactive in the protection of your site is one of the most important aspects of having a solid security posture. Therefore, we feel it's important to research and report on all potential threats as quickly as possible.
Below is a video we recently produced which explains How Websites Get Hacked.