If you are using an older version of Wordpress with the WP-Statistics plug-in, chances are you and your web-sites visitors maybe at risk from javascript injected comments.
This has been fixed in version 4.0, with more vulnerabilities addressed in 4.0.1
http://www.theregister.co.uk/2014/11/24/worst_wordpress_hole_for_five_years_affects_86_of_sites/
This has been fixed in version 4.0, with more vulnerabilities addressed in 4.0.1
http://www.theregister.co.uk/2014/11/24/worst_wordpress_hole_for_five_years_affects_86_of_sites/
