Description
WordPress is prone to a security bypass vulnerability because it fails to properly restrict access to trashed posts. An attacker can exploit this vulnerability to perform otherwise restricted actions and subsequently view other authors' trashed posts, which may aid in launching further attacks. WordPress versions 2.9 and 2.9.1 are vulnerable.
Remediation
Update to WordPress version 2.9.2 or latest
References
http://www.securityfocus.com/bid/38368/exploit
http://www.exploit-db.com/exploits/11441/
http://packetstormsecurity.org/files/view/86274/wpurl-bypass.txt