Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 30th, 2008

WordPress Cookie Integrity Protection Allows Unauthorized Access

WordPress is prone to a vulnerability that allows an attacker to gain unauthorized access. An attacker, who is able to register a specially crafted username on a WordPress installation, is able to generate authentication cookies for other chosen accounts, including admin account. If a WordPress blog is configured to freely permit account creation, a remote attacker can gain WordPress-administrator access and then elevate this to arbitrary code execution as the web server user.

An attacker wishing to exploit this vulnerability would create an unprivileged account with its username starting with “admin”. The cookie returned on logging into this account can then be manipulated so as to be valid for the administrator account.

Successfully exploiting this issue will compromise the affected application. Attackers can use a browser to exploit this issue.

Versions prior to WordPress 2.5.1 are vulnerable.


1.Upgrade to WordPress 2.5.1

2. De-select “Anyone can register” in the Membership section of “General Settings” to disable new accounts creation.

Share this item with others:

More on CyberInsecure:
  • WordPress Multiple SQL Injection Vulnerabilities
  • WordPress Doorway Spam Attacks
  • WordPress Parameter Directory Traversal Vulnerability
  • WordPress 2.6.2 Released Due To PHP Weakness That Might Lead To Attack
  • WordPress 2.8.3 Remote Admin Password Reset Vulnerability

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: WordPress Cookie Integrity Protection Allows Unauthorized Access

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.