diff --git a/wp-includes/comment.php b/wp-includes/comment.php
index c054302647..6ec4b44266 100644
--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -1055,6 +1055,10 @@ function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_age
 	$mod_keys = trim( get_option('blacklist_keys') );
 	if ( '' == $mod_keys )
 		return false; // If moderation keys are empty
+
+	// Ensure HTML tags are not being used to bypass the blacklist.
+	$comment_without_html = wp_kses( $comment, array() );
+
 	$words = explode("\n", $mod_keys );
 
 	foreach ( (array) $words as $word ) {
@@ -1072,7 +1076,7 @@ function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_age
 			preg_match($pattern, $author)
 			|| preg_match($pattern, $email)
 			|| preg_match($pattern, $url)
-			|| preg_match($pattern, $comment)
+			|| preg_match($pattern, $comment_without_html)
 			|| preg_match($pattern, $user_ip)
 			|| preg_match($pattern, $user_agent)
 		)
diff --git a/wp-includes/version.php b/wp-includes/version.php
index c01b13fd28..e79185776f 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.6-beta2-38046';
+$wp_version = '4.6-beta2-38047';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
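Review bot: Replacing the raw `$comment` match with the tag-stripped `$comment_without_html` in the second hunk drops coverage the check used to have: `wp_kses( $comment, array() )` removes whole tags including their attributes, so a moderation key that only appears inside markup (for instance a domain in an `href` attribute whose link text says something else) no longer triggers, whereas before this change it did. The stripped copy should be matched in addition to, not instead of, the original, i.e. `|| preg_match($pattern, $comment)` followed by `|| preg_match($pattern, $comment_without_html)`. The comment added in the first hunk would then read more precisely as `// Also match against the comment with HTML stripped, so tags cannot be used to split a blacklisted word.` Note that the same tag-splitting concern applies to `$author` and `$url` if those fields can carry markup at this point; that cannot be confirmed from the hunk. The body of wp_blacklist_check continues outside both hunks.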