WordPress Plugin Security Alert: Akismet
Risk Level: High
Vulnerability: Stored XSS
Fixed Version: 3.1.5
Akismet has an option called “Convert emoticons to graphics on display” selected by default. The vulnerability lies in the way Akismet handles hyperlinks found inside the site’s comments. It potentially allows a hacker to inject malicious scripts into the Comments section of the WordPress Dashboard, which could lead to a full website compromise.
Akismet should be updated immediately.
If you are a WPWSS client, your plugin has already been updated for you and your website has been scanned to ensure it is clean.
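To confirm which sites still need the update, the following script (an added example, not part of the original alert or the plugin's own code) reads the installed plugin's version header and compares it with the fixed version 3.1.5. It assumes the default plugin path `wp-content/plugins/akismet/akismet.php` and a standard `Version:` header line; the function names are illustrative.

```shell
#!/bin/sh
# Added example: report whether a WordPress install carries a build of the
# plugin older than the fixed version named in the alert.
FIXED_VERSION="3.1.5"                                 # from the alert
PLUGIN_FILE="wp-content/plugins/akismet/akismet.php"  # assumed default layout

# Print the value of the "Version:" line in a plugin header file.
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*$/\1/p' "$1" |
        head -n 1
}

# Succeed (exit 0) when dotted version $1 is numerically lower than $2.
# Compared field by field so that 3.1.10 is not treated as older than 3.1.5.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0
            if ((x[i] + 0) > (y[i] + 0)) exit 1
        }
        exit 1
    }'
}

# Classify one WordPress root directory.
check_site() {
    file="$1/$PLUGIN_FILE"
    if [ ! -f "$file" ]; then echo "absent"; return 0; fi
    ver=$(plugin_version "$file")
    if [ -z "$ver" ]; then echo "unknown"; return 0; fi
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "vulnerable $ver"
    else
        echo "ok $ver"
    fi
}

# Usage: sh check_akismet.sh /var/www/site1 /var/www/site2 ...
for root in "$@"; do
    printf '%s: %s\n' "$root" "$(check_site "$root")"
done
```

A result of `ok` only confirms the installed version; it does not show whether a script was already stored in the comments before the update.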