Critical Zero Day WordPress Vulnerability

Posted on Apr 28, 2015

If you have a WordPress install PLEASE READ ON. 

There is a 0-day vulnerability in core WordPress (that is, WordPress without any plugins!) that may affect you. The vulnerability allows an attacker to inject an XSS exploit into the page through the comment section.

For it to work, the site must allow comments more than 60.000 characters long. All versions of WordPress up to and including 4.2 are vulnerable.

Vulnerable or compromised sites MAY BE TAKEN OFFLINE.

Remedy:

Users should block comments or limit the length of comments to less than 64K. Users should take this seriously.
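
One way to apply the length limit described above is a small must-use plugin that rejects oversized comments before they are stored. This is an added example, not code from this post or from WordPress; the file name, the `example_` function names and the 60000-byte cap are assumptions chosen for illustration.

```php
<?php
/**
 * Plugin Name: Comment Length Cap (added example)
 * Description: Rejects comments above a fixed size before WordPress saves them.
 *
 * Assumed location: wp-content/mu-plugins/comment-length-cap.php
 */

// Assumption: 60000 bytes sits below both figures quoted in the advisory
// (the 60.000-character condition and the 64K limit in the remedy).
define( 'EXAMPLE_MAX_COMMENT_BYTES', 60000 );

/**
 * Returns true when the comment body exceeds the cap.
 * strlen() counts bytes, so multibyte text reaches the cap sooner than
 * a character count would; that errs on the restrictive side.
 */
function example_comment_too_long( $content, $max_bytes = EXAMPLE_MAX_COMMENT_BYTES ) {
    return strlen( (string) $content ) > $max_bytes;
}

/**
 * Filter callback for 'preprocess_comment'. WordPress passes every new
 * comment through this filter inside wp_new_comment(), before the
 * database insert, so an oversized body is never stored.
 */
function example_reject_oversized_comment( $commentdata ) {
    $content = isset( $commentdata['comment_content'] )
        ? $commentdata['comment_content']
        : '';

    if ( example_comment_too_long( $content ) ) {
        // Stop the request with an HTTP 413 and a link back to the post.
        wp_die(
            esc_html__( 'Comment rejected: it exceeds the maximum allowed length.' ),
            esc_html__( 'Comment too long' ),
            array( 'response' => 413, 'back_link' => true )
        );
    }

    return $commentdata;
}

// Priority 1 runs this check ahead of other comment filters.
// The guard lets the file be loaded outside WordPress without a fatal error.
if ( function_exists( 'add_filter' ) ) {
    add_filter( 'preprocess_comment', 'example_reject_oversized_comment', 1 );
}
```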

An update, 4.2.1, has been released by WordPress.