WordPress has made available version 3.3.1 of its popular blogging software, which closes 15 vulnerabilities, including a cross-site scripting hole that was revealed Monday by two Indian security researchers. The bug, however, can only be exploited on iterations of WordPress being installed from an IP address, not a domain name, according to another researcher who attempted to reproduce the vulnerability. "These are the types of problems that keep software QA engineers awake a night," Chester Wisniewski, a senior security adviser at Sophos, said in a blog post. "Who would expect to need to create test cases for whether the initial install was done with an IP versus a name?"