SECURITY BITS: Security bug in WordPress renders site visitors the potential victims.

It never ends. This time it’s WordPress’ turn. A four year old security bug in comments on WordPress could be used to launch a wide variety of malicious script-based attacks on site visitors’ browsers. Very bad indeed. This does not affect the latest version of WordPress (v4) but most sites still run on v3 which makes more than 80% of WordPress sites vulnerable. But their visitors are the ones that are vulnerable. Read more here:

http://arstechnica.com/security/2014/11/four-year-old-comment-security-bug-affects-86-percent-of-wordpress-sites/#p3