That annoying comment might be more than spam telling visitors how to solve their intimacy issues, or how to make easy money at home. Instead, it may be malicious code that could hijack your site, lock you out completely, and even take over your server as a whole -- a nightmare for larger companies that store more than a simple webpage on their servers.
Fortunately, the bug, discovered by Finnish IT security company Klikki Oy, was reported to WordPress months before being made public, and security patches are already being automatically (no pun intended) deployed. The bug affects an estimated 86 percent of WordPress sites: those running any unpatched version of WordPress 3. Version 4.0, which was released in September, is not affected. The exploit uses text input fields, such as the enabled-by-default blog comments feature, to deploy malicious code.