Viktoria Michaelis ∙ 15 weeks ago
That's a very interesting scare story you're trying to tell everyone. And I'm glad that you happened to mention WordPress as your example.
Let me correct you, though, in one or two small ways.
When a WordPress blog has moderation enabled all comments must be approved by the owner first. The code included in any comment is fully visible. Anyone with any sense also has Akismet enabled, which weeds out the spam and well known problem senders of comment trash and separates them from the rest.
These two exceptionally simple attributes on WordPress effectively stop anything like what you have suggested.