WordPress 3.0.4 has been released fixing a critical core security vulnerability in the HTML sanitation library, called KSES.
WordPress rates the vulnerability as critical which means that site owners should update their websites as soon as possible.
Before updating it is advised to back up the database and files.
Download: http://wordpress.org/download/