WordPress released version 3.0.4 yesterday, which closes a “critical” security vulnerability that left the KSES library open to XSS (Cross-Site Scripting) attacks. XSS attacks use characters like ', <, > and ; that can be embedded in URLs or submitted in HTTP POST requests; they can compromise an application, possibly allowing an attacking application or user to execute malicious code and gain access to information or get into the web application itself.
As a web security professional myself, I always recommend that users upgrade and patch immediately when critical vulnerabilities are found, to reduce your chances of being vulnerable. Remember that most hacks occur because they leverage vulnerabilities for which a patch already existed. Once a vulnerability or security issue becomes public, it increases the number of users who will try to exploit it on any system.
Read more about the WordPress 3.0.4 Version and upgrade your WordPress blog today.
I always remind readers to take a backup of their SQL database before upgrading. Do this with the WP-DBManager plugin or manually through the phpMyAdmin application in your hosting provider account.
I have used the WordPress Dashboard automatic upgrade on 6 of the WordPress blogs I administer, and it worked fine without issues.