Description
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
Remediation
References
Related Vulnerabilities
WordPress Plugin Related Posts Unspecified Vulnerability (5.12.69)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-11112)
WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads Security Bypass (2.2.5)
Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-7936)
WordPress Plugin Timetable and Event Schedule by MotoPress Cross-Site Scripting (2.3.18)