WordPress 3.0.3 is available and is a security update for all previous WordPress versions.
This release fixes issues in the remote publishing interface, which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish, or delete posts.
These issues only affect sites that have remote publishing enabled.
Remote publishing is disabled by default, but you may have enabled it to use a remote publishing client such as one of the WordPress mobile apps. You can check these settings on the “Settings → Writing” screen.
Download 3.0.3 or update automatically from the “Dashboard → Updates” screen in your site’s admin area.