Automattic has released Wordpress 2.8.2 an open source (GPL) blog engine based on PHP and MySQL. "Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site." Anyone know if this issue is present in 2.7.1?