WordPress Thrashing Authorisation Bypass

Thomas Mackenzie has reported a vulnerability affecting WordPress >= 2.9. Versions before 2.9 are not vulnerable.
tmacuk quote:
Since version 2.9 a new feature was implemented so that users were able to retrieve posts that they may have deleted by accident. This new feature was labelled ‘trash’. Any posts that are placed within the trash are only viewable […]

Read more: WordPress Thrashing Authorisation Bypass

Story added 7. June 2012, content source with full text you can find at link above.