WordPress just released a critical upgrade, 2.3.3, and you should really update now. The flaw that was found is the solution to a burning question I’ve had for a few times lately: how the **** are people editing posts on one of my blogs. (More specifically, css3.info, which is being syndicated at w3.org, and has thus been under quite some attacks lately).
It’s an XML RPC call bug, from the post:
a specially crafted request would allow any valid user to edit posts of any other user on that blog
Right. So: upgrade! And if you’re sick of upgrading WordPress by copying files, read my post about installing and upgrading WordPress from Subversion. I just upgraded all my 20+ WordPress installations in less than 5 minutes.