Vulnerability Details CVE-2020-26511
The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://plugins.trac.wordpress.org/changeset/2388992/
- https://wordpress.org/plugins/wpo365-login/#developers
- https://wpvulndb.com/vulnerabilities/10418
- https://www.wpo365.com/change-log/
- https://plugins.trac.wordpress.org/changeset/2388992/
- https://wordpress.org/plugins/wpo365-login/#developers
- https://wpvulndb.com/vulnerabilities/10418
- https://www.wpo365.com/change-log/
Products affected by CVE-2020-26511
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:-
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:10.0
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:10.1
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:10.10
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:10.2
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:10.3
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:10.4
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:10.5
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:10.6
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:10.7
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:10.8
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:10.9
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:11.0
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:11.1
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:11.2
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:11.3
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:11.4
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:11.5
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:11.6
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:3.10
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:3.11
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:3.12
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:3.13
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:4.0
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:5.0
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:5.1
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:5.2
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:5.3
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:6.0
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:6.1
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:7.0
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:7.1
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:7.10
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:7.11
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:7.12
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:7.13
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:7.14
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:7.15
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:7.16
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:7.17
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:7.18
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:7.2
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:7.3
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:7.4
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:7.5
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:7.6
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:7.7
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:7.8
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:7.9
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:8.0
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:8.1
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:8.2
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:8.3
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:8.4
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:8.5
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:8.6
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:9.0
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:9.1
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:9.2
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:9.3
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:9.4
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:9.5
-
cpe:2.3:a:wpo365:wordpress_+_azure_ad_/_microsoft_office_365:9.6