As of this writing, WordPress version 2.8.4 is the most current release. It was produced in August 2009 to fix a security hole. Versions prior to 2.8.4 are subject to a problem where an attacker sends a request for a specially crafted URL to your blog, which bypasses a security check on password resets. This could allow someone to reset your admin password. It would not send the password to the attacker, but it is definitely annoying.
How do I tell if I need to update?
Log in to the admin page of your WordPress site. Click the Dashboard button, and you should see a statement which says, “You are using WordPress x.y.z”. If x.y.z is anything less than 2.8.4 you need to update ASAP.