CVE-2020-26511

CVE-2020-26511

EPSS 2.1%

The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://plugins.trac.wordpress.org/changeset/2388992/https://wordpress.org/plugins/wpo365-login/#developers https://wpvulndb.com/vulnerabilities/10418 https://www.wpo365.com/change-log/