Jetpack has announced that it discovered a significant security vulnerability with the Smash Balloon Social Post Feed Plugin.
The threat is described as being “several sensitive AJAX endpoints” which can enable Stored XSS attacks. These attacks allow malicious scripts to be added to posts and pages.
Jetpack reported the vulnerability to the plugin author and an update was issued to resolve the problem.
If you are using the Smash Balloon Social Post Feed Plugin, you should check for an update immediately and ensure you are using version 4.0.1 or higher.
Here at WP Harbor we monitor various resources to ensure we are doing everything we can to protect our clients. One of the benefits of hosting with WP Harbor is that we regularly update plugins and themes for all of our sites. Most updates are security patches and our sites get the latest versions in a timely manner. In the event your site is hacked, we remove all malicious code at no cost to our clients. It’s included!
Again, if you use the Smash Balloon Social Post Feed Plugin, you need to check and make sure you have the latest version (4.0.1 or higher). If you don’t know how to update your plugins or could use assistance, let us know! We’d be happy to help. You can book a call with our Owner and Founder, Chad Lawie, HERE.