A critical cross-site scripting (XSS) bug has been found in WordPress. As of this posting there is no known patch. This post at Sucuri gives you the details. The ‘short’ version is that it affects comments. We’d suggest disabling comments in WordPress until a patch is issued.
Tags: WordPress