WordPress 3.1.2 is now available and is a security release for all previous WordPress versions.
This release addresses a vulnerability that allowed Contributor-level users to improperly publish posts.
The issue was discovered by a member of our security team, WordPress developer Andrew Nacin, with Benjamin Balter.
We suggest you update to 3.1.2 promptly, especially if you allow users to register as contributors or if you have untrusted users. This release also fixes a few bugs that missed the boat for version 3.1.1.
Download 3.1.2 or update automatically from the Dashboard → Updates menu in your site’s admin area.
Continue reading here:
WordPress 3.1.2