WordPress releases urgent security update
The problem? Well for blogs with registration enabled, a hole in the XML-RPC implementation was found that could allow a user to edit the posts of other users on that blog.
The WordPress team has two update solutions. If you just want to update the xmlrpc.php file, you can download it here and import it directly to your main WordPress directory (overwriting the file that is in its place now). If you want the full 2.3.3 update, which includes a few minor bug fixes in addition to the XML-RPC exploit, download it here and follow the usual upgrade protocol.
Additionally, if you use the WP-Forum plugin, be aware that it is being actively exploited as a target for SQL injections. Please disable and delete the plugin until a fix is released.