PT-2020-20263 · WordPress · Time Capsule

Dave Jong · Published 2020-02-06 · Updated 2020-02-11 · CVE-2020-8771

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Time Capsule plugin for WordPress versions prior to 1.21.16

Description

The issue allows for an authentication bypass. Specifically, any request containing the prefix IWP_JSON_PREFIX results in the client being logged in as the first account on the list of administrator accounts.

Recommendations

For versions prior to 1.21.16, update to version 1.21.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the Time Capsule plugin until the update is applied.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-8771

Affected Products

Time Capsule