Sucuri recently discovered a stored XSS vulnerability in the popular WordPress plugin Jetpack that affects all versions from 2.0 (released in November 2012) onward. The plugin has over 1 million active installs and is made by Automattic, the company behind WordPress. The vulnerability can easily be exploited via wp-comments and allows hackers to take over administrator accounts.
[Solution] Upgrade to Jetpack version 4.0.3
As always, we recommend that you run regular security tests on your website to keep up with the latest vulnerabilities.