A new WordPress vulnerability was disclosed yesterday: a stored XSS attack can be carried out through the comments on your WordPress blog.
There are already several examples of attackers attempting to exploit this, so the threat is a real one for webmasters who allow commenting through WordPress.
This came from the Sucuri blog:
“If your WordPress site allows users to post comments via the WordPress commenting system, you’re at risk. An attacker could leverage a bug in the way comments are stored in the site’s database to insert malicious scripts on your site, thus potentially allowing them to infect your visitors with malware, inject SEO spam or even insert a backdoor in the site’s code if the code runs in a logged-in administrator’s browser.
You should definitely disable comments on your site until a patch is made available or leverage a WAF to protect your site and customers.”
WordPress has already released an update for this, so if you are one of our customers we will already have updated your software for you, and you are safe from this.
If you are not one of our customers, we suggest updating WordPress promptly to fix this.
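As an added example, not code from the original post or from Sucuri, here is a WordPress must-use plugin that applies the quoted “disable comments until you are patched” advice using the standard comment hooks; the plugin name and the rejection message are assumptions.

```php
<?php
/*
Plugin Name: Emergency comment lockdown (hypothetical example)
Description: Turns off WordPress commenting until the site is patched.
*/
// Drop this file into wp-content/mu-plugins/ so it loads on every request
// without needing to be activated.

// Mark every post and page as closed for new comments and pingbacks,
// so the comment form and trackback endpoints are no longer offered.
add_filter( 'comments_open', '__return_false', 20, 2 );
add_filter( 'pings_open',    '__return_false', 20, 2 );

// Stop rendering stored comments on the front end, so anything already
// in the database is not sent to visitors' browsers (including the
// browser of a logged-in administrator viewing the post).
add_filter( 'comments_array', '__return_empty_array', 20, 2 );

// Reject any submission that still reaches wp-comments-post.php directly,
// bypassing the hidden form.
add_action( 'pre_comment_on_post', function ( $comment_post_id ) {
    wp_die(
        'Comments are temporarily disabled.',
        'Comments disabled',
        array( 'response' => 403 )
    );
} );

// Belt and braces: if a comment is ever saved anyway, strip all HTML
// from its content before it is written to the database.
add_filter( 'pre_comment_content', 'wp_filter_nohtml_kses' );
```

Existing comments remain in the database and visible in the admin moderation screen, which does not use the `comments_array` filter; remove the file once the update has been applied.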