PT-2026-51140 · Wp Time Capsule · Time Capsule Plugin

B. Canavate

Published

2026-06-20

Updated

2026-06-20

CVE-2020-37255

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWP JSON PREFIX header. Attackers can exploit this flaw to obtain valid administrator session cookies and access the WordPress dashboard without providing credentials.

Exploit

Fix

Authentication Bypass Using an Alternate Path or Channel

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-288

Related Identifiers

CVE-2020-37255

Affected Products

Time Capsule Plugin

PT-2026-51140 · Wp Time Capsule · Time Capsule Plugin

CVE-2020-37255

Weakness Enumeration

Related Identifiers

Affected Products

References · 4