Akismet XSS vulnerability
14 Oct 2015
During a routine audit of their popular Web Application Firewall (WAF), Sucuri discovered a critical stored XSS vulnerability affecting Akismet, a popular WordPress plugin with millions of installs. This vulnerability affects everyone using Akismet version 3.1.4 and lower with the WordPress “Convert emoticons” option enabled, which is the case by default on any new WordPress installation.