CVE-2020-8771

CRITICAL NUCLEI

Time Capsule <1.21.16 - Auth Bypass

Title source: llm

Description

The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts.

Nuclei Templates (1)

WordPress Time Capsule < 1.21.16 - Authentication Bypass

CRITICALby princechaddha

References (2)

[Third Party Advisory] https://wpvulndb.com/vulnerabilities/10010

[Exploit, Third Party Advisory] https://www.webarxsecurity.com/vulnerability-infinitewp-client-wp-time-capsule/

Scores

CVSS v3 9.8

EPSS 0.8915

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287

Status published

Products (1)

wptimecapsule/wp_time_capsule < 1.21.16

Published Feb 06, 2020

Tracked Since Feb 18, 2026