The bug has been fixed in an update, 3.1.5, according to Automattic, the company behind WordPress.
Sucuri made Automattic aware of an XSS vulnerability in the Akismet WordPress plugin. This bug affects all versions of the Akismet WordPress plugin since 2.5.0, but there is no evidence that it has been exploited in the wild.
“We’ve released updates for all vulnerable versions of the Akismet plugin. Additionally, the WordPress.org plugins team has enabled an automatic update for all sites running these vulnerable versions that are able to auto-update plugins.
Because the vulnerability is theoretically exploitable via comments, Akismet is already blocking attempts during the comment-check API call even if you are not running the most recent version. However, to be as safe as possible, you should still upgrade immediately.
To upgrade, visit the Updates page of your WordPress dashboard and follow the instructions. If you need to download the plugin zip file directly, links to all versions are available in the WordPress plugins directory.”
Download latest version: https://wordpress.org/plugins/akismet/