Two Indian security researchers, Aditya Modha & Samir Shah, Monday released an advisory outlining a Cross-Site Scripting (XSS) vulnerability within the latest version (at the time of writing) of WordPress 3.3.
It however, later turned out that the vulnerability was related to whether a WordPress instance was installed from an IP address (http://127.0.0.1/wp-admin) or using a domain name (http://example.org/wp-admin).
WordPress have already patched the bug and released 3.3.1. If you run your own WordPress site and used an IP address to set it up, it is recommended to update to 3.3.1 as soon as possible.