Jetpack is a plug-in that offers free website optimization, management and security features. The vulnerability is located in the Shortcode Embeds Jetpack module which allows users to embed external videos, images, documents, tweets and other resources into their content. It can be easily exploited to inject malicious JavaScript code into comments. Jetpack developers have released point releases for all twenty-one vulnerable branches of the Jetpack codebase: 2.0.7, 2.1.4, 3.4.4 and 3.5.4.”]