If you're logged in into wordpress as an admin, your comments aren't properly sanitized, thus allowing an XSS to be posted. This can be exploited using XSRF techniques.
More info & PoC: http://www.virtuax.be/advisories/Advisory4-20022007.txt
討論串 (同標題文章)