WordPress Cookie Authentication Vulnerability
Systems Affected:
WordPress 1.5 — 2.3.1 (including current version, as of 2007-11-19)
Overview:
With read-only access to the WordPress database, it is possible to generate a valid login cookie for any account, without resorting to a brute force attack.
This allows a limited SQL injection vulnerability to be escalated into administrator access.