Backup and Staging by WP Time Capsule < 1.21.16 – Authentication Bypass | CVE 2020-8771 | Plugin Vulnerabilities

Description

It is possible to login as an administrator on the site due to logical mistakes in the code.

Proof of Concept

The issue resides in wptc-cron-functions.php line 12 where it parses the request. This parse_request function calls the function decode_server_request_wptc which check if the raw POST payload contains a certain string. If it does, it calls wptc_login_as_admin and you'll be logged in as an administrator.

Affects Plugins

wp-time-capsule

Fixed in 1.21.16

References

CVE

URL

https://www.webarxsecurity.com/vulnerability-infinitewp-client-wp-time-capsule/

URL

https://www.wordfence.com/blog/2020/01/critical-authentication-bypass-vulnerability-in-infinitewp-client-plugin/

Classification

Type

AUTHBYPASS

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

WebARX

Submitter

Dave

Submitter website

https://www.webarxsecurity.com

Submitter twitter

webarx_security

Verified

No

WPVDB ID

c549cf1f-58d1-42c9-97db-c1d0e4bc505b

Timeline

Publicly Published

2020-01-14 (about 6 years ago)

Added

2020-01-08 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2019-12-12

Title

Ultimate Addons for Beaver Builder <= 1.24.0 - Authentication Bypass

Published

2024-11-04

Title

Loginizer Security and Loginizer < 1.9.3 - Authentication Bypass

Published

2020-07-14

Title

Email Verification for WooCommerce < 1.8.2 - Loose Comparison to Authentication Bypass

Published

2023-10-25

Title

Admin and Site Enhancements (ASE) < 5.8.0 - Password Protection Mode Security Feature Bypass

Published

2024-10-24

Title

Comments – wpDiscuz < 7.6.25 - Authentication Bypass