Security Focus has reported ( http://www.securityfocus.com/bid/28703 ) SQL Injection Vulnerabilities in WordPress, present in wp-comments-post.php.
The advisory states that WordPress 2.5 is vulnerable.
I've not seen any other advisories regarding this issue, and cannot find anything in these forums.
Does anyone know anything about this reported flaw - has it been verified and if so is there a patch? Should we disable comments in live blogs?