PT-2007-6940 · WordPress · Wordpress

Published 2007-11-19 · Updated 2024-02-09 · CVE-2007-6013

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WordPress versions 1.5 through 2.3.1

Description: An attacker who obtains a user's MD5 password hash from the WordPress user database can generate a valid authentication cookie from that hash and bypass authentication without knowing the password. This is possible because WordPress derives the cookie value directly from the MD5 hash of the stored password MD5 hash, so anyone holding the stored hash can compute the cookie.

Recommendations: For versions 1.5 through 2.3.1, update to a release that no longer derives authentication cookies from MD5 password hashes, or place an alternative authentication mechanism in front of the application to reduce the risk of exploitation. As a temporary workaround, restrict access to sensitive areas of the application until a more secure authentication method is in place.

Weakness Enumeration

Use of a Broken Cryptographic Algorithm

Related Identifiers

CVE-2007-6013

Affected Products

Wordpress