Security hole in MovableType
Movable Type - News - Movable Type 3.15 released
Version 3.15 fixes a vulnerability in the mail sending packages for all Movable Type versions in which the user has enabled comment notifications. This vulnerability allows a malicious user to send email through the application to any number of arbitrary users.
Enough said. I enabled comment notifications, so there, I've upgraded 🙂