Anyone who witnesses the association process of a new client can eavesdrop on their connection.
As reassociations can be forced by a rogue host that sends a forged disassociation packet in the name of the target, it is practically always possible to listen in on all connections on a WPA(2) network with a preshared key.
You can even try it for yourself in Wireshark: There is a built-in option to decrypt all transmissions in the 802.11 settings; as long as you know the PSK and the initial authentication is contained in the recorded traffic, Wireshark decrypts it automatically for you.
The difference between WEP and WPA is that there is a different pairwise key (called the pairwise transient key) for every client, but as this key is always directly derived from the PSK, it doesn't really add any security at all. If you want that kind of security, you would have to use EAP and a RADIUS server (sometimes called "WPA enterprise), where the PMK is different for every client.