CVE-2020-37255

HIGH NVD

CVSS Score 7.5

Severity HIGH

Published Jun 20, 2026

Vendor unknown

Description

WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWP_JSON_PREFIX header. Attackers can exploit this flaw to obtain valid administrator session cookies and access the WordPress dashboard without providing credentials.

References

https://wptimecapsule.com/
https://www.exploit-db.com/exploits/47941
https://www.vulncheck.com/advisories/wordpress-time-capsule-plugin-authentication-bypass