Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2020-8771

Disclosure Date: February 06, 2020 (last updated February 21, 2025)
The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0