[原文]Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail address, which is not quoted when a parsing error is generated.
It is reported that WPKontakt version 3.0.1p1 addresses this issue. This has not been confirmed by Symantec. Please contact the vendor before upgrading to the new version. Wirtualna Polska WPKontakt 3.0.1