Today there was a 0Day attack released in Full-disclosure which affected multiple versions of WordPress. I have written an Nginx configuration which acts as a server-side fix for the attack, which should hold the attacker till we receive an official fix from the WordPress team.
https://blog.anantshri.info/temp_fix_wordpress_comment_xss
Comments, criticism, brickbats welcome.