Wordpress 3.0.3 - Security Privilege Escalation Attack
 

Requires that you have enabled remote publishing:

http://wordpress.org/news/2010/12/wordpress-3-0-3/

This release fixes issues in the remote publishing interface, which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish, or delete posts.

These issues only affect sites that have remote publishing enabled.

Remote publishing is disabled by default, but you may have enabled it to use a remote publishing client such as one of the WordPress mobile apps. You can check these settings on the “Settings → Writing” screen.