vulnerability

Wordpress: CVE-2012-6707: Inadequate Encryption Strength

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Oct 19, 2017	Nov 23, 2017	Aug 11, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Oct 19, 2017

Added

Nov 23, 2017

Modified

Aug 11, 2025

Description

WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions.

Solution

wordpress-upgrade-4_8_3

References

CVE-2012-6707
https://attackerkb.com/topics/CVE-2012-6707
CWE-326

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today