WordPress 3.0.2 has been out for a few days, if you haven’t upgraded yet, you better do it soon.
There’s a SQL injection vulnerability in the
do_trackbacks() function of all versions of WordPress prior to version 3.0.2 that allows remote attackers to execute arbitrary SELECT SQL queries.
wp-includes/comment.phpdoes not properly escape the input that comes from the user, allowing a remote user with
edit_published_postscapabilities to execute an arbitrary
SELECTSQL query, which can lead to disclosure of any information stored in the WordPress database.
You can read all about the security hole here, but you might want to upgrade your WordPress installations first.