An attacker, who is able to register a specially crafted username on a Wordpress 2.5 installation, is able to generate authentication cookies for other chosen accounts. This is not good.
Torna a PacketStorm Security
Feeds Directory