WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WordPress + Microsoft Office 365 < 11.7 - JWT Signature Verification Bypass

Description

The plugin does not correctly verify JWT signatures, allowing attackers to forge tokens and bypass authentication and authorisation checks.

Affects Plugins

wpo365-login
Fixed in version 11.7

References

CVE
CVE-2020-26511
URL
https://www.wpo365.com/change-log/

Classification

Type

BYPASS

Miscellaneous

Original Researcher

Philip Åkesson

Submitter

Philip Åkesson

Submitter website
https://www.truesec.com
Verified

No

WPVDB ID
c0433e94-3bcc-438a-9369-2607aec8b067

Timeline

Publicly Published

2020-10-02 (about 2 years ago)

Added

2020-10-02 (about 2 years ago)

Last Updated

2020-10-04 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin