Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2020-37255— WordPress Time Capsule Plugin 1.21.16 Authentication Bypass

CVSS 7.5 · High EPSS 0.40% · P32

Affected Version Matrix 1

VendorProductVersion RangeStatus
WptimecapsuleTime Capsule Plugin≤ 1.21.16affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-37255

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
WordPress Time Capsule Plugin 1.21.16 Authentication Bypass
Source: NVD (National Vulnerability Database)
Vulnerability Description
WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWP_JSON_PREFIX header. Attackers can exploit this flaw to obtain valid administrator session cookies and access the WordPress dashboard without providing credentials.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用候选路径或通道进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
InfiniteWP WP Time Capsule 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
wptimecapsule wp time capsule是wptimecapsule个人开发者开源的一款WordPress备份插件。 InfiniteWP WP Time Capsule 1.21.16及之前版本存在授权问题漏洞,该漏洞源于身份验证绕过,允许未经身份验证的攻击者通过发送带有IWP_JSON_PREFIX标头的特制POST请求获得管理访问权限,从而获取有效管理员会话cookie并访问WordPress仪表板。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
WptimecapsuleTime Capsule Plugin 0 ~ 1.21.16 -

II. Public POCs for CVE-2020-37255

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-37255

登录查看更多情报信息。

Vendor Advisories for CVE-2020-37255 (1)

Exploits & Public PoCs for CVE-2020-37255 (1)

Other References for CVE-2020-37255 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2020-37255

No comments yet


Leave a comment