PT-2026-51140 · Wp Time Capsule · Time Capsule Plugin
B. Canavate
·
Publicado
2026-06-20
·
Atualizado
2026-06-20
·
CVE-2020-37255
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWP JSON PREFIX header. Attackers can exploit this flaw to obtain valid administrator session cookies and access the WordPress dashboard without providing credentials.
Exploit
Correção
Authentication Bypass Using an Alternate Path or Channel
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Time Capsule Plugin