WordPress 2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges.  If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

Details of WordPress 2.8.6 can be found here.

There is a worm around at the moment that old, unpatched versions of WordPress may suffer attacks from.

This worm registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.

The latest stable release of WordPress (Version 2.8.4) is available in two formats from the links below. It has some important security issues fixed so I suggest you upgrade now.

Download Latest WordPress