Whew a busy night and morning. Automattic announced the discovery of a critical security vulnerability in their Jetpack WordPress Plugin.
Jetpack is a widely used Container Plugin. What I mean by that is Automattic has combined many different capabilities (and plugins) under one umbrella to make it easier for WordPress users. Jetpack started life as features of WordPress.com that were subsequently made available to the WordPress.org community via the Jetpack Plugin.
You’ll find details of this issue on the JetPack Blog.
If you have a WordPress website, please check your plugin list.
If you use Jetpack, update it as soon as possible.