From Gentoo bugzilla: Michael Brooks has discovered a vulnerability in WordPress, which can be exploited by malicious people to bypass certain security restrictions and to disclose sensitive information. The application does not properly restrict access to posted drafts to users with valid administrator credentials. This can be exploited to read drafts by accessing the index.php script with data in the "PATH_INFO" URL part ending with "wp-admin/". Examples: http://[host]/[path]/index.php/wp-admin/ http://[host]/[path]/index.php/test-wp-admin/ The vulnerability is confirmed in version 2.3.1. Other versions may also be affected. Solution: Do not post sensitive information as drafts.
This should be: http://trac.wordpress.org/ticket/5487 And is fixed with the wordpress 2.3.2 release.
Fixed in rawhide and stable update request have been made for F-7 and F-8.
wordpress-2.3.2-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
wordpress-2.3.2-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.