wordpress 2.3.2 has a vulnerability that lets any user edit any other user's blog posts via XML-RPC. The release announcement is in the URL field.
Update to 2.3.3 has been pushed.