The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts.
References
Link | Resource |
---|---|
https://wpvulndb.com/vulnerabilities/10010 | Third Party Advisory |
https://www.webarxsecurity.com/vulnerability-infinitewp-client-wp-time-capsule/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-02-06T16:27:19
Updated: 2020-02-06T16:27:19
Reserved: 2020-02-06T00:00:00
Link: CVE-2020-8771
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-02-06T17:15:14.927
Modified: 2020-02-11T15:51:19.967
Link: CVE-2020-8771
JSON object: View
Redhat Information
No data.
CWE