• Systems Affected:

    WordPress 1.5 — 2.3.1 (including current version, as of 2007-11-19)

    Overview:

    With read-only access to the WordPress database, it is possible to generate a valid login cookie for any account, without resorting to a brute force attack.

    This allows a limited SQL injection vulnerability to be escalated into administrator access.

    https://lwn.net/Articles/259204

  • The topic ‘WordPress Cookie Authentication Vulnerability’ is closed to new replies.