If you are running a WordPress blog, it’s very likely that you’ve also enabled the popular plugin from Jetpack. A few days ago, Jetpack has announced a Critical Security Update for sites running their plugin. Any site with a Jetpack Plugin version number after 1.9 and up to 2.9.3 (which fixes the security hole) should update their installation.
“During an internal security audit, we found a bug that allows an attacker to bypass a siteās access controls and publish posts. This vulnerability could be combined with other attacks to escalate access. This bug has existed since Jetpack 1.9, released in October 2012.”
http://jetpack.me/2014/04/10/jetpack-security-update/
UPDATE (2015-04-27): The latest version of the Jetpack Plugin is now V. 3.5. See: https://wordpress.org/plugins/jetpack/
Follow me on Social Media