As explained on the WordPress blog, WordPress has released a security update that deals with two different vulnerabilities in its software. You should update your sites right away.
One of the issues is a SOME (Same Origin Method Execution) vulnerability in Plupload (WordPress’ third-party file uploader), while the other is an XSS (Cross Site Scripting) risk in MediaPlayer.js (WordPress’ third-party media player). Fortunately, the problems were disclosed responsibly and promptly after their discovery (which is one of the great things about Wordpress and its community!).
Once again, update now.