Last night WordPress released an update, here’s what WordPress.org had to say:
WordPress 3.0.5 is now available and is a security hardening update for all previous WordPress versions. This security release is required if you have any untrusted user accounts, but it also comes with important security enhancements and hardening.
WP SecurityLock says:
As far as the untrusted user account scenario, two moderate security issues were fixed that may have permitted a Contributor/Author level user to obtain escalated access to more of your site. This release fixes a problem where Author-level user could view contents of posts that should not have been available for them to see. These included drafts and posts marked private.
Plugin security has been enhanced by code changes to properly leverage the WordPress security API. Another fix added further defense against a vulnerability addressed in an earlier release.
If you’re self-hosting WordPress it’s best to run an update as soon as possible, either using the Automatic Update feature on the dashboard or manually through FTP.