← back
CVE-2020-37255

WordPress Time Capsule Plugin 1.21.16 Authentication Bypass

CVSS 8.7 HIGHEPSS 0.4%CWE-288
WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWP_JSON_PREFIX header. Attackers can exploit this flaw to obtain valid administrator session cookies and access the WordPress dashboard without providing credentials.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
Wptimecapsule · Time Capsule Plugin
public PoCs found1
cve_referencewww.exploit-db.com/exploits/47941unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wptimecapsule.com/https://www.exploit-db.com/exploits/47941https://www.vulncheck.com/advisories/wordpress-time-capsule-plugin-authentication-bypass