A hacker could easily hijack a WordPress.com login confirmation cookie to the user’s browser unencrypted. Because the cookie is sent in plain text, it can be easily grabbed by a hacker if you login over an open Wi-Fi network. The problem affects self-hosted WordPress blogs that use the open source version of the software. The company Automattic says it is currently working on a fix and will be providing more information soon via the company’s blog. It’s not clear if the website would invalidate the cookie before 2017.”]
Source: https://www.csoonline.com/article/2158771/wordpress-com-vulnerable-to-account-hijacking.html