Version 3.1.5 of the Akismet plugin for WordPress contains a critical security fix. Update your sites as soon as possible.
A researcher from Sucuri notified us of an XSS vulnerability in the Akismet WordPress plugin. This bug affects all versions of the Akismet WordPress plugin since 2.5.0, but we have no evidence that it has been exploited in the wild.
We’ve released updates for all vulnerable versions of the Akismet plugin. Additionally, the WordPress.org plugins team has enabled an automatic update for all sites running these vulnerable versions that are able to auto-update plugins.
Because the vulnerability is theoretically exploitable via comments, Akismet is already blocking attempts during the comment-check API call even if you are not running the most recent version. However, to be as safe as possible, you should still upgrade immediately.
To upgrade, visit the Updates page of your WordPress dashboard and follow the instructions. If you need to download the plugin zip file directly, links to all versions are available in the WordPress plugins directory.