Hi @dizzyatinnocraft
Had a reply back from JetPack as follows which confirms it is a false positive in their scan (it has just picked up the malicious domain referenced in the Matomo code and flagged that). Message as follows:
It seems that it’s caching a list of spam referrer websites, under the name ReferrerSpamFilter-referrer_spam_blacklist. That list of spam websites includes some malicious sites, including one that is triggering the alert you’re getting from Jetpack Protect.
That doesn’t mean your site is vulnerable though, since that malicious site isn’t found anywhere on your site; it’s just listed as a site that should be ignored in your stats by the Matomo plugin.
You can consequently mark this threat as “Ignored”. Your site is not vulnerable.
Thank you for looking into it – I think you can close this now.
Thanks @dizzyatinnocraft – I have emailed you the file and reported to Jetpack also.
