Akismet XSS vulnerability

14 Oct 2015

During a routine audit of their popular Web Application Firewall (WAF), Sucuri discovered a critical stored XSS vulnerability affecting Akismet, a popular WordPress plugin deployed on millions of installs. This vulnerability affects everyone using Akismet version 3.1.4 and lower with the WordPress “Convert emoticons” option enabled, which is the case by default on any new WordPress installation.