The best plugin to control comment spam is Akismet. It can be considered as the spam eater of your website. Make sure that you have updated to the current version of Akismet 3.1.5 as there is a critical security fix for this plugin. The XSS vulnerability in Akismet WordPress plugin was notified by a researcher from Sucuri.
Vulnerability: Stored XSS
Versions effected: The bug effects all the versions of Akismet plugin since 2.5.0
Patched Version: 3.1.5
How does it effects? According to Sucuri all the sites using Akismet with 3.1.4 and lower versions and it converts emoticons like and 😛 to graphics on display option enabled are at own risk. The issue can also be found in the Akismet deals with hyperlinks present inside the site’s comments due to this any unauthenticated attacker can insert malicious scripts in comment sections of the admin panel.
How to Upgrade? There is an automatic update for all sites running these vulnerable versions that are able to auto-update plugins.
One can find the Technical details about the plugin from Security Advisory published by Sucuri.
It would be good if one update to the new version of Akismet if you are using the vulnerable version of this plugin since the Security Risk defined is Dangerous.