3 matches found
WordPress Time Capsule < 1.21.16 - Authentication Bypass
WordPress Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWPJSONPREFIX causes the client to be logged in as the first account on the list of administrator accounts. id: CVE-2020-8771 info: name: WordPress Time Capsule 1.21.16 - Authentication...
CVE-2020-8771
The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWPJSONPREFIX causes the client to be logged in as the first account on the list of administrator accounts...
CVE-2020-8771
The WordPress Time Capsule plugin (before 1.21.16) is affected by an authentication bypass. The issue occurs when a request contains IWP_JSON_PREFIX, causing the user to be logged in as the first administrator. Technical root cause is in wptc-cron-functions.php where parse_request calls decode_se...