Earlier today, WordPress 3.0.4 was released as a security update fixing a critical bug in its HTML sanitisation library, KSES. WordPress advises you to upgrade immediately because, if left unpatched, the bug can allow hackers to attack your blogs using XSS techniques.
Don’t put off updating your blogs this holiday season, because upgrading via the dashboard takes just a few minutes.
Those using WordPress 3.1 RC1 can upgrade via their dashboard to the latest nightly version, which contains the patch for this vulnerability. Techie-Buzz reported (via DreamHost’s blog) that blogs which haven’t yet been patched have been hit by attacks that prevent users from getting to their dashboard. If your blog has been hit by such an attack, head to Jason Corper’s page on how to fix the problem. And remember, if your blog has been hit by such an attack, upgrading won’t help.