The blog post linked (http://klikki.fi/adv/wordpress2.html) in the article is rather worrying to read - especially the "Solution" section, which suggests Klikki Oy had a lot of trouble communicating with WordPress and getting the bug fixed.
Interestingly, the WordPress blog states "A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen."
I'm not very familiar with WordPress or its plugins, but does it make use of Content-Security-Policy headers? Those might've helped to minimise the risk (at least for users with modern browsers) to users browsing WordPress sites.