The WordPress team just released a new version of WordPress (3.1.2) to fix a security issue where contributor-level users were allowed to publish posts. It is a small release, and everyone using WordPress should upgrade to it!
From the WordPress site:
WordPress 3.1.2 is now available and is a security release for all previous WordPress versions.
This release addresses a vulnerability that allowed Contributor-level users to improperly publish posts.
The issue was discovered by a member of our security team, WordPress developer Andrew Nacin, with Benjamin Balter.
We suggest you update to 3.1.2 promptly, especially if you allow users to register as contributors or if you have untrusted users. This release also fixes a few bugs that missed the boat for version 3.1.1.
Download 3.1.2 or update automatically from the Dashboard → Updates menu in your site’s admin area.
So do what they say and upgrade it asap! Download link: http://wordpress.org/download/.
Using WordPress? Check out our WordPress Security plugin (1-click hardening, audit trail and blocking attackers).