WordPress Thrashing Authorisation Bypass

Thomas Mackenzie has reported a vulnerability affecting WordPress >= 2.9. Versions before 2.9 are not vulnerable.
tmacuk quote:
Since version 2.9 a new feature was implemented so that users were able to retrieve posts that they may have deleted by accident. This new feature was labelled ‘trash’. Any posts that are placed within the trash are only viewable […]