CVE-2008-1930

WordPress - Improper Authentication via Cookie Hash Collision

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1930. PoCs published by HeisenbergH4X.

AI-analyzed exploit summary This repository provides a detailed technical guide on the tools and methodologies used for assessing CVE-2008-1930, including DNS enumeration, port scanning, and vulnerability research. It does not contain exploit code but offers a comprehensive walkthrough of the assessment process.

Description

The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013.

Exploits (1)

nomisec WRITEUP
by HeisenbergH4X · poc
https://github.com/HeisenbergH4X/CVE-2008-1930

This repository provides a detailed technical guide on the tools and methodologies used for assessing CVE-2008-1930, including DNS enumeration, port scanning, and vulnerability research. It does not contain exploit code but offers a comprehensive walkthrough of the assessment process.

Classification
Writeup 100%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: N/A
No auth needed
Prerequisites: Kali Linux · Ubuntu Security VM · VirtualBox · CVE-2008-1930 ISO Environment
mistral-large-3 · analyzed Jun 08, 2026 Full analysis →

References (8)

Core 8
Core References
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28935
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42027
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1372/references
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019923
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29965
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/491356/100/0/threaded

Scores

EPSS 0.0500
EPSS Percentile 91.2%

Details

CWE
CWE-287
Status published
Products (1)
wordpress/wordpress 2.5
Published Apr 28, 2008
Tracked Since Feb 18, 2026