In the screenshot above there’s a Gravatar member’s profile link sandwiched between two art.com members’ profiles.
At first I assumed these were compromised webpages like the art.com webpages (a security exploit), mainly because I believed the developers behind Gravatar (owned by Automattic, who also own WordPress) wouldn’t be dumb enough to allow HTML to be posted inside the forms used by Gravatar users to add information about themselves.
I was wrong: it’s not a security exploit, it’s a ‘feature’ allowing Gravatar users to add some HTML tags to their profile’s “About Me” section. I’m guessing allowing some HTML is an oversight and not a deliberate ‘feature’.
Allowing HTML inside forms isn’t a problem per se, as long as the owner of the site is monitoring EVERYTHING users add via those forms. For example, comments on this site can have dofollow clickable text links and image links (I add them all the time), which opens them to blackhat SEO link SPAM abuse (link SPAMMERS love WordPress sites with dofollow links), but I monitor EVERYTHING my users post inside comments and manually delete any SPAM (no link SPAM gets posted).
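As an added illustration (not code from this site, Gravatar or WordPress), here is a small moderation aid for the kind of monitoring described above: it lists every external link in user-submitted HTML that lacks a nofollow-style `rel` value, so a moderator can review it. The host names and the sample profile text are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# rel values that tell search engines not to pass ranking credit through a link
NOFOLLOW_TOKENS = {"nofollow", "ugc", "sponsored"}

class LinkAuditor(HTMLParser):
    """Collects every <a href> found in user-submitted HTML."""

    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":  # HTMLParser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        href = a.get("href", "").strip()
        if not href:
            return
        host = (urlparse(href).hostname or "").lower()
        rel = set(a.get("rel", "").lower().split())
        self.links.append({
            "href": href,
            # relative links have no host and stay on the site
            "external": bool(host) and host != self.own_host,
            "dofollow": not (rel & NOFOLLOW_TOKENS),
        })

def audit(html, own_host):
    parser = LinkAuditor(own_host)
    parser.feed(html)
    parser.close()
    return parser.links

def needs_review(html, own_host):
    """External dofollow links: the ones link spammers are after."""
    return [l["href"] for l in audit(html, own_host)
            if l["external"] and l["dofollow"]]

# Constructed "About Me" text, not taken from any real profile.
SAMPLE = ('<p>I collect prints. <a href="https://shop.example/?aff=123">cheap posters</a> '
          '<a href="https://forum.example/me" rel="nofollow ugc">my forum</a> '
          '<a href="/help">help</a> <A HREF="//ads.example/x" REL="external">deal</A></p>')

if __name__ == "__main__":
    for href in needs_review(SAMPLE, "profiles.example"):
        print("review:", href)
```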