This is practically content free. If there really is a known security hole in WordPress, I for one would like to know what it is, so I can patch my sites. Vague burblings about XSS just don't cut it. After all, it's possible that his site was exploited prior to 2.8.4 and he just noticed the problems (or the attack has just become active) now.
4 comments
[ 54.2 ms ] story [ 423 ms ] threadSee tptacek's comment about WordPress security http://news.ycombinator.com/item?id=806760
http://news.ycombinator.com/item?id=806910
I'd wondered about much of this myself