If you happen to use the Akismet plugin on your WordPress blog/website, make sure that you immediately upgrade to the latest version. The dev team has released Akismet 3.1.5 to address a XSS vulnerability which was discovered by a researcher from Sucuri.
Check out the details posted on the official Akismet blog:
A researcher from Sucuri notified us of an XSS vulnerability in the Akismet WordPress plugin. This bug affects all versions of the Akismet WordPress plugin since 2.5.0, but we have no evidence that it has been exploited in the wild.
We’ve released updates for all vulnerable versions of the Akismet plugin. Additionally, the WordPress.org plugins team has enabled an automatic update for all sites running these vulnerable versions that are able to auto-update plugins.
Because the vulnerability is theoretically exploitable via comments, Akismet is already blocking attempts during the comment-check API call even if you are not running the most recent version. However, to be as safe as possible, you should still upgrade immediately.
To upgrade to the latest version, you can do it two ways: First, by logging in to your WordPress dashboard and heading to Dashboard > Updates or via the Plugins section. Second, is by downloading the zip file from the official WordPress Plugin directory.
Better safe than sorry folks. Please take the time to upgrade ASAP. To avoid problems or conflicts, don’t forget to backup your WordPress database and deactivate the plugin before you do the upgrade.
