Eldar

**Name of the Vulnerable Software and Affected Versions** Jetpack WordPress plugin versions prior to 14.1 **Description** The issue is related to the Jetpack WordPress plugin not properly checking the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The problem only affects websites hosted on WordPress.com. **Recommendations** For versions prior to 14.1, update to version 14.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the postmessage functionality until a patch is available.