Just-released WordPress 0day makes it easy to hijack millions of websites

This is the best tl;dr I could make, original reduced by 82%. (I'm a bot)


Attack code has been released that targets one of the latest versions of WordPress, making it a zero-day exploit that could touch off a series of site hijackings throughout the Internet.

"Alternatively the attacker could change the administrator's password, create new administrator accounts, or do whatever else the currently logged-in administrator can do on the target system."

Once the comment is processed by someone logged in with WordPress administrator rights to the site, the malicious code will be executed with no outward indication that an attack is under way.


/r/geekdays Thread Link - arstechnica.com