CVE-2020-26511

CVE-2020-26511

EPSS 2.1%

The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://plugins.trac.wordpress.org/changeset/2388992/https://wordpress.org/plugins/wpo365-login/#developers https://wpvulndb.com/vulnerabilities/10418 https://www.wpo365.com/change-log/