Yesterday we became aware of a vicious security hole in the JetPack plugin that so many of you use.
If you want to learn the details about this security hole, read this: http://jetpack.me/2014/04/10/jetpack-security-update/
Note that while the bug was only recently discovered, it has existed since October 2012 and “allows an attacker to bypass a site’s access controls and publish posts.”
It is extremely unlikely that you or any site owner you know was affected by the bug. However, now that the word is out, all sites using non-updated versions of JetPack are vulnerable.
So, as we always do when the security of your site is at stake, we sprung into action to and updated the JetPack plugin.
If you are not using JetPack, obviously you have no action to take.
If you are using JetPack, we simply advise that you login and ensure that JetPack is updated. It should be.
In the unlikley event that your JetPack is not updated, run the upgrade from inside your dashboard. Then you will be safe from this bug. (If you have to run the upgrade and experience any issues, submit a Help Desk ticket immediately.)