As advised by the Sucuri Blog, PLEASE UPDATE WORDPRESS to the newest version, 4.2.1, ASAP!!!!
It was found earlier today that if your WordPress site allows users to post comments via the WordPress commenting system, you’re at risk. An attacker could leverage a bug in the way comments are stored in the site’s database to insert malicious scripts on your site, potentially allowing them to infect your visitors with malware, inject SEO spam, or even insert a backdoor into the site’s code if the malicious code runs in a logged-in administrator’s browser.
So WordPress issued this newest version to fix this nasty problem. UPDATE NOW!
Read more about this on the Sucuri Blog.
Ashley says
It’s so great that you posted this. This was actually REALLY scary for me. I heard about the vulnerability before the patch came out and I was TERRIFIED that something would happen to my blog in the meantime. I considered shutting off comments across my whole blog.
I’m glad the WP security team was on top of things and released the patch pretty quickly. 🙂
Pamela says
Yes, I was terrified as well…. it was one of those “whew” moments for sure!