The team at WordPress.com have released a new version of WordPress, 2.6.2. This update plugs two vulnerabilities that, when used together, can give crackers access to the site. It has to do with SQL Column Truncation: when a new user is added, it's possible to reset the password of another user. Coupled with the weaknesses of mt_rand(), which can be used to guess the new “random” password, this could be a problem for WordPress admins. Although it really only affects blogs that allow users to sign up automatically, all admins are advised to upgrade. So better get to it and upgrade as soon as possible.
You can download it from the official site here.