WordPress is prone to a security bypass vulnerability because it fails to properly restrict access to trashed posts. An attacker can exploit this vulnerability to perform otherwise restricted actions and subsequently view other authors' trashed posts, which may aid in launching further attacks. WordPress versions 2.9 and 2.9.1 are vulnerable.
Update to WordPress version 2.9.2 or latest
WordPress Plugin Theme My Login Local File Inclusion (6.3.9)
Joomla! Core 1.5.x Cross-Site Scripting (1.5.0 - 1.5.7)
WordPress Plugin Post Custom Templates Lite Cross-Site Scripting (1.6)
WordPress Plugin RokMicroNews Multiple Vulnerabilities (1.5)
WordPress Plugin Use Any Font Unspecified Vulnerability (4.3.6)