This post contains affiliate links.
The other thing to note is that Incapsula Cloud Security service which is free for small sites is also capable of providing protection against this vulnerability as it would prevent any of those attempted script injections from even hitting your WordPress blog site.
I have used Incapsula to protect my blogs for a while, and while I am running the latest WordPress, it adds that extra piece of mind and security should a new vulnerability be discovered with WordPress, as long as it was XSS related, Incapsula would likely take care of it and help insulate my site. Heck, you can see just in the past 7 days for my site, that 262 bad bots were blocked, 89 illegal access attempts, 24 remote file inclusions, 3 sql injection attempts and 9 cross site scripting attempts were made against DragonBlogger.com. This is a site that gets about 30000 visits per month and it gets this many attacks per week, just imagine how many attacks your site is getting, any site even small one are compromised all the time.
You need to secure your site, and honestly Incapsula is free and wraps around your site protecting it from a cloud so that the attacks/attempts never even reach your web server, this is the advantage of using a cloud security service instead of simply a WordPress plugin because a plugin is churning up system resources on your web hosting provider and the plugin itself may have a vulnerability or some risk, keep the security off the site itself doing the work so that attempts never make it to the server in the first place with Incapsula.
Source Article for Reference http://arstechnica.com/security/2014/11/four-year-old-comment-security-bug-affects-86-percent-of-wordpress-sites/ that inspired this article.