WordPress has released version 3.0.4 of their blogging engine, addressing a core security bug in their HTML sanitation library, called KSES. The fix is considered critical by the WordPress team, and the most important security update to the code that has been made in 2010. Site owners should update ASAP. The update should appear in the dashboard of WordPress control panel, or can be downloaded from WordPress.org.
The flaw was discovered by security reseachers Mauro Gentile and Jon Cave (duck_).
Rest assured TechVirtuoso’s WordPress install is up-to-date.