I think that those who develop WordPress, Began to hurry. In the last month, I think there were over three versions de WordPress.
The latest version, WordPress 2.8.4 (12 August 2009), fixes a security issue.
Yesterday a vulnerability was discovered: the Specially crafted URL Requested Could Be That Would Allow attacker to year bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. Does this allow remote access, BUT it is very annoying.
Install with confidence… until next week I think two more versions will appear.