Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WordPress Time Capsule Plugin 1.21.16 Authentication Bypass
Vulnerability Description
WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWP_JSON_PREFIX header. Attackers can exploit this flaw to obtain valid administrator session cookies and access the WordPress dashboard without providing credentials.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
使用候选路径或通道进行的认证绕过
Vulnerability Title
InfiniteWP WP Time Capsule 授权问题漏洞
Vulnerability Description
wptimecapsule wp time capsule是wptimecapsule个人开发者开源的一款WordPress备份插件。 InfiniteWP WP Time Capsule 1.21.16及之前版本存在授权问题漏洞,该漏洞源于身份验证绕过,允许未经身份验证的攻击者通过发送带有IWP_JSON_PREFIX标头的特制POST请求获得管理访问权限,从而获取有效管理员会话cookie并访问WordPress仪表板。
CVSS Information
N/A
Vulnerability Type
N/A