CVE-2020-26511

CVE-2020-26511

EPSS 2.1%

The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://plugins.trac.wordpress.org/changeset/2388992/https://wordpress.org/plugins/wpo365-login/#developers https://wpvulndb.com/vulnerabilities/10418 https://www.wpo365.com/change-log/