
WordPress Cookie Integrity Protection Privilege Escalation Vulnerability

Last Update Date: 28 Jan 2011
Release Date: 29 Apr 2008

RISK: Medium Risk

A vulnerability has been identified in WordPress, which could be exploited by attackers to compromise an affected web site. This issue is caused by an error in the MAC calculation procedure when handling the "USERNAME" and "EXPIRY_TIME" parameters contained in the authentication cookie, which could be exploited by attackers to gain unauthorized administrative access (and execute arbitrary PHP code) by creating an account with a specially crafted username.
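
The advisory does not spell out the MAC error. The sketch below is an added example, not WordPress code: it assumes the flaw is that "USERNAME" and "EXPIRY_TIME" enter the MAC input with no boundary between them, and contrasts that with a length-prefixed input. The key, usernames, timestamps and function names are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed secret, illustration only


def mac_ambiguous(username: str, expiry: int) -> str:
    """MAC over USERNAME and EXPIRY_TIME joined with no boundary (assumed flaw)."""
    msg = f"{username}{expiry}".encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()


def mac_framed(username: str, expiry: int) -> str:
    """MAC over length-prefixed fields, so every field boundary is authenticated."""
    parts = [username.encode(), str(expiry).encode()]
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()


def issue_cookie(username: str, expiry: int, mac_fn) -> str:
    return f"{username}|{expiry}|{mac_fn(username, expiry)}"


def verify_cookie(cookie: str, mac_fn, now: int):
    """Return the authenticated username, or None if the cookie is rejected."""
    try:
        username, expiry_s, tag = cookie.rsplit("|", 2)
        if not (expiry_s.isascii() and expiry_s.isdigit()):
            raise ValueError("non-canonical expiry")
        expiry = int(expiry_s)
    except ValueError:
        return None
    expected = mac_fn(username, expiry)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return username if expiry > now else None


def boundary_shift_accepted(mac_fn) -> bool:
    """Regression check: does a tag issued for one (name, expiry) pair
    validate for a different pair that concatenates to the same string?"""
    now = 1_200_000_000
    tag = issue_cookie("alice1", 1_300_000_000, mac_fn).rsplit("|", 1)[1]
    shifted = f"alice|11300000000|{tag}"  # boundary moved by one character
    return verify_cookie(shifted, mac_fn, now) == "alice"
```

Run against a cookie scheme's own MAC function, `boundary_shift_accepted` works as a unit test: it must return False for any construction that authenticates field boundaries.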


Impact

  • Elevation of Privilege

System / Technologies affected

  • WordPress versions prior to 2.5.1

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier


Source


Related Link