A small survey of blogs that use the popular WordPress blogging
software has found that the sites’ administrators are not sticklers
about patching, which could leave the door open to increasingly common
compromises with malicious JavaScript.

The survey, published by security analyst David Kierznowski on
Wednesday, found that only one of the 50 surveyed WordPress sites had
upgraded to the latest supported versions — 2.2 and 2.0.10 — of the
open-source package. Nearly half of the sites had not even been
upgraded from the unsupported 1.5 branch of the WordPress software.