Yes, you’ve read it right: a critical, unpatched zero-day vulnerability affecting WordPress’ comment mechanisms was disclosed earlier today by Klikki Oy.
Who’s affected? If your WordPress site allows users to post comments via the WordPress commenting system, you’re at risk. An attacker could leverage a bug in the way comments are stored in the site’s database.
View full story