What is the severity of CVE-2007-6013?

CVE-2007-6013 is considered a high severity vulnerability due to its potential to allow unauthorized access to user accounts.

How do I fix CVE-2007-6013?

To fix CVE-2007-6013, update your WordPress installation to version 2.3.2 or later, which has mitigated this vulnerability.

What types of WordPress versions are affected by CVE-2007-6013?

CVE-2007-6013 affects WordPress versions from 1.5 to 2.3.1.

Can restoring from a backup mitigate CVE-2007-6013?

Restoring from a backup will not mitigate CVE-2007-6013 unless the backup is of a WordPress version that is not affected, such as 2.3.2 or newer.

How does CVE-2007-6013 enable authentication bypass?

CVE-2007-6013 enables authentication bypass by allowing attackers to generate a valid authentication cookie using the MD5 hash of a stolen password hash.

Vulnerability/
CVE-2007-6013

critical

9.8

CWE

287 327

19/11/2007

9/2/2024

CVE-2007-6013

First published: Mon Nov 19 2007(Updated: )

Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
WordPress	=2.0.11
WordPress	=2.0
WordPress	=2.1.1
WordPress	=2.2.3
WordPress	=2.1
WordPress	=1.5-strayhorn
WordPress	=2.0.6
WordPress	=2.0.1
WordPress	=2.0.4
WordPress	=2.2
WordPress	=2.1.3
WordPress	=2.0.7
WordPress	=2.1.2
WordPress	=2.0.5
WordPress	=2.2.2
WordPress	=1.5.1.1
WordPress	=2.0.9
WordPress	=2.2.1
WordPress	=1.5.2
WordPress	=2.3.1
WordPress	=1.5.1.2
WordPress	=2.0.10
WordPress	=1.5
WordPress	=1.5.1
WordPress	=1.5.1.3
WordPress	=2.0.8
WordPress	=2.3
WordPress	>=1.5<=2.3.1
Red Hat Fedora	=7
Red Hat Fedora	=8

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2007-6013?
CVE-2007-6013 is considered a high severity vulnerability due to its potential to allow unauthorized access to user accounts.
How do I fix CVE-2007-6013?
To fix CVE-2007-6013, update your WordPress installation to version 2.3.2 or later, which has mitigated this vulnerability.
What types of WordPress versions are affected by CVE-2007-6013?
CVE-2007-6013 affects WordPress versions from 1.5 to 2.3.1.
Can restoring from a backup mitigate CVE-2007-6013?
Restoring from a backup will not mitigate CVE-2007-6013 unless the backup is of a WordPress version that is not affected, such as 2.3.2 or newer.
How does CVE-2007-6013 enable authentication bypass?
CVE-2007-6013 enables authentication bypass by allowing attackers to generate a valid authentication cookie using the MD5 hash of a stolen password hash.

agent/type
agent/first-publish-date
agent/severity
agent/last-modified-date
agent/weakness
agent/references
agent/event
agent/description
agent/source
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
agent/author
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/wordpress
canonical/wordpress
version/wordpress/2.0.11
version/wordpress/2.0
version/wordpress/2.1.1
version/wordpress/2.2.3
version/wordpress/2.1
version/wordpress/1.5-strayhorn
version/wordpress/2.0.6
version/wordpress/2.0.1
version/wordpress/2.0.4
version/wordpress/2.2
version/wordpress/2.1.3
version/wordpress/2.0.7
version/wordpress/2.1.2
version/wordpress/2.0.5
version/wordpress/2.2.2
version/wordpress/1.5.1.1
version/wordpress/2.0.9
version/wordpress/2.2.1
version/wordpress/1.5.2
version/wordpress/2.3.1
version/wordpress/1.5.1.2
version/wordpress/2.0.10
version/wordpress/1.5
version/wordpress/1.5.1
version/wordpress/1.5.1.3
version/wordpress/2.0.8
version/wordpress/2.3
vendor/fedoraproject
canonical/red hat fedora
version/red hat fedora/7
version/red hat fedora/8