If you are used to logging in to your WordPress account in a public Wi-Fi network like at malls or from your local coffee shop, anyone on the same connection can sniff your WordPress credentials. Anyone who knows how to use FireSheep can gain access to your WordPress account.
This was discovered by Yan Zhu, a staff technologist at Electronic Frontier Foundation who works for Frontier Foundation on the HTTPS Everywhere and Privacy Badger extensions.
The cookie, called “wordpress_logged_in’ is what WordPress.com use to determine if the user is logged in or not. If this is set, then WordPress won’t bother to ask user credentials until this cookie expires.
Read the rest of the news here: http://www.pcworld.com/article/2158771/wordpress-com-vulnerable-to-account-hijacking.html