GHSA-4jwp-2g8r-6m99HighCVSS 7.5

WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows...

Published
June 20, 2026
Last Modified
June 20, 2026

🔗 CVE IDs covered (1)

📋 Description

WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWP_JSON_PREFIX header. Attackers can exploit this flaw to obtain valid administrator session cookies and access the WordPress dashboard without providing credentials.

🔗 References (5)