Session Fixation
An attack where the attacker sets a user's session ID to a known value, then waits for the user to authenticate.
How it works
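The attacker sets a user's session ID to a value the attacker already knows, then waits for the user to authenticate. If the application keeps that same ID after login, the attacker can present it and be treated as the authenticated user.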
In WordPress
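WordPress regenerates session tokens on login, but custom auth plugins may not. A custom login flow should call wp_set_auth_cookie() after it has verified the credentials, so that a new session token is issued, rather than setting its own cookies or reusing a pre-login session.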
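A custom login handler that follows this advice, as an added example (not code from WordPress core or WP HealthKit). The myplugin_ names, the admin-post action and the nonce field are hypothetical; the weak pattern is shown only as a comment for contrast.

```php
<?php
/**
 * Added example: hypothetical plugin code handling a custom login form
 * posted to admin-post.php?action=myplugin_login.
 */

// Weak pattern, for contrast: login state is kept in a PHP session and the
// pre-login session ID is reused, so an ID fixed before login stays valid.
//
//   session_start();
//   $_SESSION['myplugin_user'] = $user->ID;   // no session_regenerate_id()

add_action( 'admin_post_nopriv_myplugin_login', 'myplugin_handle_login' );

function myplugin_handle_login() {
    // Reject form posts that do not carry a valid nonce.
    $nonce = isset( $_POST['myplugin_nonce'] ) ? sanitize_key( wp_unslash( $_POST['myplugin_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'myplugin_login' ) ) {
        wp_die( 'Invalid request.', '', array( 'response' => 403 ) );
    }

    // Field names follow core's login form; the password is passed unchanged.
    $login    = isset( $_POST['log'] ) ? sanitize_user( wp_unslash( $_POST['log'] ) ) : '';
    $password = isset( $_POST['pwd'] ) ? (string) $_POST['pwd'] : '';

    $user = wp_authenticate( $login, $password );
    if ( is_wp_error( $user ) ) {
        wp_safe_redirect( add_query_arg( 'login', 'failed', wp_login_url() ) );
        exit;
    }

    // Drop whatever auth cookies the browser arrived with.
    wp_clear_auth_cookie();

    // If the plugin also uses a PHP session, issue a new ID and delete the old one.
    if ( session_status() === PHP_SESSION_ACTIVE ) {
        session_regenerate_id( true );
    }

    // Creates a new session token for this user and sets cookies bound to it.
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID, false, is_ssl() );
    do_action( 'wp_login', $user->user_login, $user );

    wp_safe_redirect( admin_url() );
    exit;
}
```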