Automattic force deploys a security update on over five million websites running the Jetpack WordPress plug-in. Jetpack provides free security, performance, and website management features, including brute-force attack protection, site backups, secure logins, and malware scanning. The vulnerability was found in the Carousel feature and its option to display comments for each image, with nguyenhg_vcs credited for responsibly disclosing the security bug. The Jetpack development team added that it found no evidence the vulnerability has been exploited in the wild.
Source: https://www.bleepingcomputer.com/news/security/wordpress-force-installs-jetpack-security-update-on-5-million-sites/