Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a security bug in our core HTML sanitation library, called KSES. I would rate this release as "critical."

This issue affects all versions of WordPress prior to 3.0.4, so if you are still on a 2.x release you need to update as well.

I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.

If you are a security researcher, we’d appreciate you taking a look over this changeset as well to review our update. We’ve given it a lot of thought and review, but since this is so core we want as many brains on it as possible. Thanks to Mauro Gentile and Jon Cave (duck_), who discovered and alerted us to these XSS vulnerabilities first.