By Paul Hirsch, Senior Network Engineer
Security researcher Jouko Pynnönen of Klikki Oy has discovered a vulnerability in the comment feature of WordPress. The flaw elevates a bad comment from simply annoying to capable of taking over web servers.
When mixed with “comment spam,” this may lead to a lot of compromised websites.
WordPress has released a fix. If you would like to avoid having your website defaced or used to spread malware, update your WordPress sites to 4.2.1 as soon as possible. See http://klikki.fi/adv/wordpress2.html for more information.
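
One way to find sites that still need the update, as an added example rather than code from the advisory or from WordPress: the script reads the `$wp_version` line from each `wp-includes/version.php` under a directory and flags installs older than 4.2.1. The function names and the sample directory tree are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the advisory): flag WordPress installs older than the fixed release.
FIXED_VERSION="4.2.1"   # fixed release named in the advisory

# Print the version recorded in a wp-includes/version.php file,
# which holds a line such as: $wp_version = '4.2';
wp_version_of() {
    grep -E '^[[:space:]]*\$wp_version[[:space:]]*=' "$1" | head -n 1 |
        tr -d " \t\r;'\"" | cut -d= -f2
}

# Succeed (exit 0) when version $1 is older than version $2.
# Compares dotted numeric fields; a missing field counts as 0, so 4.2 < 4.2.1.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "[.]"); nb = split(b, y, "[.]")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not older
    }'
}

# Report every WordPress install found under directory $1.
audit_wordpress() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r f; do
        v=$(wp_version_of "$f")
        [ -n "$v" ] || continue
        site=${f%/wp-includes/version.php}
        if version_lt "$v" "$FIXED_VERSION"; then
            printf 'UPDATE  %s  %s\n' "$v" "$site"
        else
            printf 'OK      %s  %s\n' "$v" "$site"
        fi
    done
}

# Constructed sample tree so the script runs offline (two fake installs).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/old/wp-includes" "$demo_root/new/wp-includes"
printf "<?php\n\$wp_version = '4.2';\n"   > "$demo_root/old/wp-includes/version.php"
printf "<?php\n\$wp_version = '4.2.1';\n" > "$demo_root/new/wp-includes/version.php"
audit_wordpress "$demo_root"
rm -rf "$demo_root"
```

To audit real sites, replace the sample tree with a call such as `audit_wordpress /var/www`, where the path is whatever directory holds your sites.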