A serious flaw has been found in WordPress, and it's easier to trigger than you'd expect.
All it takes to do serious damage to 86% of Web sites running WordPress 3 is to create a single comment. While many sites have updated to WordPress version 4 — the most current version and what I use — 86% of them are still running the old version.
The vulnerability, discovered by a Finnish security team, lets hackers trick WordPress into accepting malicious code from comments on the website. That's right, instead of sharing an opinion about an article, hackers could be typing in code that could potentially cripple a website.
All that any website has to do to stay completely protected from this breach is update to the latest version of WordPress. As we saw with the Heartbleed breach, however, lazy website administrators give hackers their best chance to wreak havoc.
If you visit any smaller websites running WordPress, the best way to make sure that they're staying safe is to send them an email. If you're using WordPress yourself, updating to the latest version will completely inoculate you against any potential hacks.