mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-28 19:41:33 +02:00
0xMarcio
1003 B
1003 B
CVE-2020-8771
Description
The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts.
POC
Reference
Github
- https://github.com/20142995/nuclei-templates
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/HycCodeQL/wordpress
- https://github.com/Irdinaaaa/pentest
- https://github.com/beardcodes/wordpress
- https://github.com/ehsandeep/wordpress-application
- https://github.com/vavkamil/dvwp