WordPress Plugin Vulnerabilities
Backup and Staging by WP Time Capsule < 1.21.16 - Authentication Bypass
Description
It is possible to login as an administrator on the site due to logical mistakes in the code.
Proof of Concept
The issue resides in wptc-cron-functions.php line 12 where it parses the request. This parse_request function calls the function decode_server_request_wptc which check if the raw POST payload contains a certain string. If it does, it calls wptc_login_as_admin and you'll be logged in as an administrator.
Affects Plugins
References
Classification
Type
AUTHBYPASS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
WebARX
Submitter
Dave
Submitter website
Submitter twitter
Verified
No
WPVDB ID
Timeline
Publicly Published
2020-01-14 (about 4 years ago)
Added
2020-01-08 (about 4 years ago)
Last Updated
2020-09-22 (about 3 years ago)