There's an important note from Netcraft to everyone out there using the WordPress "publishing platform":

Security vulnerabilities have been found in WordPress, the popular PHP-based open source blogging application. Some scripts in WordPress are not properly validated, leaving the program open to cross-site scripting (XSS) attacks in which third parties could insert content into a WordPress-driven site.

"Nearly every file in the administration panel of Wordpress is vulnerable for XSS attacks," writes Thomas Waldegger, who discovered the flaws and posted them to a security mailing list. Waldegger said he had reported the flaw but received no response from the WordPress development team, which acknowledged the vulnerability and said a fix is forthcoming.

So, if you use this powerful tool for your site, keep an eye out for an upgrade to come very soon. For all of the information concerning these security holes, see Netcraft's detail page.

Thanks to PHP Magazine for the link...