Have the cached images from the “mshot” service on WordPress.com been compromised in any way? In my test site, I activated Jetpack Comments and added a comment, using my Twitter login. In the Comments list in the admin interface of test site, I immediately noticed that the email link was my Twitter handle @twitter.example.com, which was odd, but not a big deal. (Likely not relevant to this problem.)
However, when I hovered over the author comment URL, a div with the class “mshot-container” displayed with a screenshot that was not of my Twitter account, but of a Polish spam site with a photo of a woman in a white bikini selling some fat burner product.
I tried to test with another Twitter user, but the “mshot” preview never generated.
- The topic ‘[Plugin: Jetpack by WordPress.com] Spammy screenshot generated in Jetpack comments’ is closed to new replies.