Home » Critical! » Critical WordPress Exploit in Version 2.1.3

Fundamental Website Setup Links

Critical WordPress Exploit in Version 2.1.3

A critical exploit has been discovered in WordPress 2.1.3 related to the way WordPress admin cookies are accessed. A malicious user could possibly steal your admin password cookie and gain admin rights to your website. This is only an issue if you are using the default WordPress prefix of wp_ or are using an easy to figure out prefix. Unfortunately the only fix currently available is to upgrade to WordPress 2.2–which has it’s own set of major issues due to the widget changes and other new coding conventions introduced in that version.

I wish I could provide an easy fix, but there isn’t one. If you have a WordPress 2.1.3 site with a standard setting for the prefix (in the wp-config.php file) then you really should think about upgrading–do research on the upgrade though, its not very straightforward.

AWSOM Powered