Anyone running wordpress 2.3 with the "Anyone can register" checkbox on, should go grab WordPress 2.3.1 Beta 1, as there's an exploit1 in the wild. ...
- not traditionally an exploit, there is no user privilege escalation, but users are allowed to access to a feature that should be restricted (back ↩)
