If you're a WordPress user, you'll want to update your site with a critical security release. That's because a new zero-day vulnerability, discovered by Jouko Pynnönen of the Finnish security firm Klikki Oy, allows attackers to gain administrative control of WordPress sites. The exploit, known as a cross-site scripting (XSS) bug, involves leaving a long comment (over 64 kb) with malicious JavaScript that a logged-in administrator can trigger simply by viewing the comment.