WordPress JetPack and Gravity Forms vulnerable

Just before I write this I am going to alert our web team so they can check our clients have the WordPress patch installed and if not get it done for them…

JetPack is a useful add-on for WordPress websites that provides a range of extra functionality – consequently lots of sites use it. So a flaw in the software needs patching immediately, as the number of potential victims of an attack runs into the millions.

So WordPress is forcing out an update to sites using JetPack:

WordPress force installs critical Jetpack patch on 5 million sites (bleepingcomputer.com)

Have you checked whether your JetPack install has been patched?

I will refer you to this article that discusses the amount of trust many organisations invest in their web designers without thinking about it:

How much are you relying on your web designer to protect your reputation?

You should have a record in your Master Cyber Security Document about your website and the software it uses, so when you see an article about WordPress vulnerabilities you should at least know whether it impacts you. Then you should check that the web designers have taken the appropriate actions.

Do you want more evidence that you should know if your website uses WordPress?

Here is another plugin with a problem:

WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection (bleepingcomputer.com)

Our web team supports web designers with their cyber security for their clients – they could do the same for your web designers if they need it.

Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading

Let’s Talk About WordPress