WordPress 3.0.4 Stored XSS (via Editor role)
As previously reported, WordPress released version 3.0.4 as a security update to patch a vulnerability. However, a security research group named Anatolia Security has now disclosed a high-severity vulnerability in 3.0.4 itself.
If WordPress is in use and has users with the Editor role, this vulnerability gives those Editors a chance to take over the system. The vulnerability enables an XSS attack, and the responsible WordPress staff have been informed about it.
Our recommendation: Editor-role user accounts should be suspended for the time being. As detailed, an Editor-role user can run arbitrary code in the comment box to gain access to other users' accounts and Admin accounts.
Anatolia Security: http://www.anatoliasecurity.com/