An attacker, able to register a specially crafted username on a Wordpress 2.5 installation, will also be able to generate authentication cookies for other chosen accounts. This vulnerability exists because it is possible to modify authentication cookies without invalidating the cryptographic integrity protection. The proper way to exploit this vulnerability is
to use a Wordpress account which its username starts with the word
"admin", for example "admin99". This exploit will not be shown on WebApps reports.
to use a Wordpress account which its username starts with the word
"admin", for example "admin99". This exploit will not be shown on WebApps reports.
CVE Link
Exploit Type - Old
Exploits/Authentication Weakness
Exploit Type
Product Name