WordPress just released a Critical important security update to 3.0.4.
From their site, it seems that there is a bug in WP KSES HTML sanitation library that will allow XSS (Cross Site Scripting) vulnerabilities.
How urgent is it? Here’s a quote from the announcement:
I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.
So, why wait, UPDATE NOW! O yeah, tell your friends, families, clients, and everyone who knows who is using WP.
PS: It is always a great idea to always keep your open-source software updated.
