Pool Theme has flaws

Aug 22, 2007 14:29 GMT  ·  By

Surely, a lot of you people have heard of WordPress, and some of you just might be using it, but for those of you who don't know, it's a blog publishing system, written in PHP and backed by a MySQL database. Best thing about it is that it's free!

A certain part of WordPress is vulnerable, and I'm talking here about a certain theme, Pool 1.x to be more exact. As I've read on Secunia, this flaw could be exploited by malicious users to conduct cross-site scripting attacks.

This type of vulnerability (XSS) allows attackers to inject code (HTML or client-side scripts, for example) into websites viewed by other users. Attackers could also use it to exploit browsers or craft phishing attacks, and the threats are not limited to these.

As Secunia tells us, input passed via the URL through the WordPress installation's index.php script to header.php is not properly sanitized before being returned to the user.

This vulnerability is known to affect version 1.0.7, but other versions may be flawed as well. It has not been patched by WordPress yet, and it has been ranked as "less critical" by Secunia experts. There is a solution, though - the source code could be edited to ensure that input is properly sanitized. You can find the original advisory at this link. The only problem with it is that I can't tell for sure what language it is written in, though I suspect it's Ukrainian; anyway, if you do click on the link, besides all of the stuff you might not understand, there is also a piece of code posted there.
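To illustrate the class of flaw the advisory describes and the source-code fix it suggests, here is an added example (not the Pool theme's actual header.php): a hypothetical theme fragment that writes a URL parameter straight into the page, next to the same fragment with the value escaped for HTML before output. The parameter name `title` and the function names are assumptions.

```php
<?php
// Added illustration, not the Pool theme's real code.
// In the theme, the value would arrive from the request after passing
// through index.php; when run from the command line there is no $_GET,
// so a constructed sample containing markup characters is used instead.
$input = isset($_GET['title']) ? $_GET['title'] : '<b>not markup</b>';

// VULNERABLE (reflected XSS): request input is echoed without encoding,
// so any tags or script in the URL become part of the rendered page.
function render_header_unsafe($title) {
    return '<h1 id="header">' . $title . '</h1>';
}

// FIXED: encode the value for the HTML context it is placed in.
// ENT_QUOTES also converts single quotes, which matters if the same value
// is ever reused inside an attribute. WordPress ships its own escaping
// helpers; plain htmlspecialchars() keeps this example self-contained.
function esc_html_ctx($s) {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function render_header_safe($title) {
    return '<h1 id="header">' . esc_html_ctx($title) . '</h1>';
}

echo "Unsafe: ", render_header_unsafe($input), "\n";
echo "Safe:   ", render_header_safe($input), "\n";
```

In the safe variant `<`, `>`, `&`, `"` and `'` are turned into HTML entities, so the browser displays the input as text instead of interpreting it as markup.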

Since they say that it only affects one theme for WordPress, and not the whole software, I would just wait for a while, until they fix this issue.