The following was posted to the Web Security Mailinglist: Unauthorized Access: Bypassing PHP strcmp(). A way to bypass PHP’s strcmp() binary safe string comparison function.

This may interest you:   High-risk vulnerabilities in TheCartPress leaves WordPress sites at risk