There is currently a vulnerability present in WordPress versions 4.2 and below.

The security blunder is exploited by posting a 64KB comment to a WordPress blog page. This data is truncated as it is written to the database, breaking safety checks that are supposed to filter out malicious code when the comment is displayed to visitors.

This means an attacker can post a comment containing JavaScript that runs in the visitor’s browser. If this comment is viewed by a site administrator reading the comments, the script will execute and can change the admin’s password, create new admin accounts, deface the site, upload dodgy material, and so on. The code can hijack the accounts of normal users visiting the page, too.
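The truncation described above, modelled from the defender's side as an added example (not WordPress code): it shows that the text a filter approved is not the text that ends up stored, refuses oversized comments before the write, and flags stored comments that sit at the size limit. The 65,535-byte limit (a MySQL TEXT column) and all function names are assumptions made for this illustration.

```python
# Added example, not WordPress code. Assumption: the comment column stores at
# most 65,535 bytes (a MySQL TEXT column) and silently cuts longer values.
COLUMN_LIMIT_BYTES = 65_535
MAX_UTF8_CHAR_BYTES = 4


def as_stored(comment: str, limit: int = COLUMN_LIMIT_BYTES) -> str:
    """Model the write: keep the first `limit` bytes of the comment."""
    raw = comment.encode("utf-8")[:limit]
    # The cut can land inside a multi-byte character; the partial tail is lost.
    return raw.decode("utf-8", errors="ignore")


def survives_storage(comment: str, limit: int = COLUMN_LIMIT_BYTES) -> bool:
    """True when the database will hold exactly the text the filter approved."""
    return len(comment.encode("utf-8")) <= limit


def accept_comment(comment: str, limit: int = COLUMN_LIMIT_BYTES) -> str:
    """Reject an oversized comment instead of letting the database truncate it."""
    if not survives_storage(comment, limit):
        raise ValueError("comment exceeds column size and would be truncated")
    return comment


def audit_stored(rows, limit: int = COLUMN_LIMIT_BYTES):
    """Return ids of stored comments whose size sits at the column limit.

    A truncated value ends within one character of the limit, so anything in
    that window was probably cut on write and deserves manual review.
    """
    floor = limit - (MAX_UTF8_CHAR_BYTES - 1)
    return [cid for cid, body in rows if len(body.encode("utf-8")) >= floor]


if __name__ == "__main__":
    # Constructed sample: harmless markup padded past 64KB.
    approved = "<b>" + "x" * 70_000 + "</b>"
    stored = as_stored(approved)
    print("closing tag approved:", approved.endswith("</b>"))
    print("closing tag stored:  ", stored.endswith("</b>"))
    print("flagged ids:", audit_stored([(1, "nice post"), (2, stored)]))
```

A comment of exactly the limit's size is also flagged by the audit, so treat its output as a review list rather than proof of tampering.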

To fix the security hole, admins should upgrade to WordPress 4.2.1, which was released in the past few hours. “This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately,” the team said of the latest version.

Please contact us should you need assistance with the critical update.