Critical WordPress Exploit in Version 2.1.3

June 2nd, 2007 by harknell

A critical exploit has been discovered in WordPress 2.1.3, related to the way WordPress admin cookies are accessed. A malicious user could possibly steal your admin password cookie and gain admin rights to your website. This is only an issue if you are using the default WordPress table prefix of wp_ or an easily guessed prefix. Unfortunately, the only fix currently available is to upgrade to WordPress 2.2, which has its own set of major issues due to the widget changes and other new coding conventions introduced in that version.

I wish I could provide an easy fix, but there isn’t one. If you have a WordPress 2.1.3 site with a standard setting for the prefix (in the wp-config.php file) then you really should think about upgrading. Do research on the upgrade though; it’s not very straightforward.
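
A check for the two conditions the post names (version 2.1.3 and a default or easily guessed table prefix), as an added example that is not from the original post. It assumes the version string is set as `$wp_version` in `wp-includes/version.php`; the `GUESSABLE` list, the `site_name` heuristic and the sample file contents are constructed for illustration.

```python
import re

AFFECTED_VERSION = "2.1.3"      # version named in the post
DEFAULT_PREFIX = "wp_"          # WordPress default table prefix
# Assumption: a small sample of "easy to figure out" prefixes; extend locally.
GUESSABLE = {"wp", "wordpress", "blog", "site", "db", "test"}

def _php_string_var(src, name):
    """Return the last string assigned to $name, ignoring commented-out code."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)   # drop /* ... */ blocks
    pat = re.compile(
        r"^\s*\$" + re.escape(name) + r"\s*=\s*(['\"])(.*?)\1\s*;", re.M)
    hits = pat.findall(src)   # lines starting with // or # never match ^\s*\$
    return hits[-1][1] if hits else None

def prefix_weakness(prefix, site_name=""):
    """Explain why a prefix is easy to guess, or return None."""
    core = prefix.strip("_").lower()
    if prefix == DEFAULT_PREFIX:
        return "default prefix"
    if core in GUESSABLE:
        return "common prefix"
    if site_name and core and core in site_name.lower():
        return "derived from site name"   # hypothetical heuristic
    return None

def assess(config_src, version_src, site_name=""):
    """Report whether a site matches both conditions described in the post."""
    version = _php_string_var(version_src, "wp_version")
    prefix = _php_string_var(config_src, "table_prefix")
    weakness = prefix_weakness(prefix, site_name) if prefix is not None else None
    return {
        "version": version,
        "prefix": prefix,
        "weakness": weakness,
        "matches_post": version == AFFECTED_VERSION and weakness is not None,
    }

# Constructed sample files (not taken from any real site).
SAMPLE_VERSION = "<?php\n$wp_version = '2.1.3';\n?>"
SAMPLE_CONFIG = "<?php\n// $table_prefix = 'old_';\n$table_prefix  = 'wp_';\n?>"

if __name__ == "__main__":
    print(assess(SAMPLE_CONFIG, SAMPLE_VERSION, "example.org"))
```

To audit a real install, pass the contents of its `wp-config.php` and `wp-includes/version.php` to `assess()`.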
