CVE-2020-37255 WordPress Time Capsule Plugin 1.21.16 Authentication Bypass

WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWPJSONPREFIX header. Attackers can exploit this flaw to obtain valid administrator session cookies...

CVE-2020-8771

The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWPJSONPREFIX causes the client to be logged in as the first account on the list of administrator accounts...