WordPress 3.0.4 critical security update
Version 3.0.4 of WordPress is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES.
Certain unspecified input is not properly sanitized in the KSES library before being displayed to the user, according to Secunia.
This can be exploited to insert arbitrary HTML and script code, which will be executed in a user’s browser session in the context of an affected site when the malicious data is being viewed.
This is a critical release, available immediately through the update page in your dashboard or for download here.