According to David Kierznowski, WordPress’s comment anti-spam tool Akismet is vulnerable to attack. Anyone who’s ever had a WordPress blog probably knows how effective this wonderful little plugin is at defending against spammers. (Akismet has caught tens of thousands of messages on this blog.) So it’s with a heavy heart I endorse the following plan of attack:

Suggestion 1: switch off Akismet until further notice from WordPress. (Better safe than sorry.)
Suggestion 2: moderate comments as they come in (duh).
Suggestion 3: prepare doses of anti-depressants and anti-anxiety meds.

Update: Matt says, “It’s a fairly minor XSS issue, it’s been fixed in downloads and source for a few weeks now and I don’t think it’s worth deactivating the plugin for.” Game on!

Update 2: Akismet was also bumped to version 2.0.2 yesterday. In light of all this, it's probably smart to upgrade your plugin.