Description

Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.

Remediation

References

CVE-2007-6013

Related Vulnerabilities

Zope Web Application Server Other Vulnerability (CVE-2000-0062)

WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.13)

Oracle JRE CVE-2012-0503 Vulnerability (CVE-2012-0503)

WordPress Plugin SendinBlue Subscribe Form And WP SMTP Multiple Unspecified Vulnerabilities (2.7.3)

WordPress Plugin WP Server Health Stats Cross-Site Scripting (1.6.10)

Severity

Critical

Classification

CVE-2007-6013 CWE-327 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities