Hi @dizzyatinnocraft
Had a reply back from JetPack as follows which confirms it is a false positive in their scan (it has just picked up the malicious domain referenced in the Matomo code and flagged that). Message as follows:
It seems that it’s caching a list of spam referrer websites, under the name?ReferrerSpamFilter-referrer_spam_blacklist. That list of spam websites includes some malicious sites, including one that is triggering the alert you’re getting from Jetpack Protect.
?
That doesn’t mean your site is vulnerable though, since that malicious site isn’t found anywhere on your site; it’s just listed as a site that should be ignored in your stats by the Matomo plugin.
?
You can consequently mark this threat as “Ignored”. Your site is not vulnerable.
Thank you for looking into it – I think you can close this now.
