Wordpress has released a mandatory security update with the wordpress version 3.0.2. It involves resolving some of the bugs and security holes in wordpress.
There is yet another exploit found, but that is for users using the WP-forum plugin, it is advised by wordpress itself that you stop using that script until the author fixes the exploit.
There is a bug in Wordpress latest release 2.0.4 or maybe it’s just a small Typo? Anyways, the problem is in the wp-rss2.php file exactly where the config file is located.