This is a common issue I’ve seen before. Jetpack uses the WPScan database, which is notorious for slow updates. For example, this entry (https://wpscan.com/vulnerability/2b5919a6-bb6d-4cf1-b6ef-cd17a3b818d6/) is still listed as ‘no known fix’ on WPScan, even though the Wordfence report confirms it’s already patched. Jetpack flags new versions as vulnerable simply because its data source hasn’t been updated yet.
