cleantalk
Vulnerabilities and Security Researches

Backup and Staging by WP Time Capsule, CVE-2020-37255

CVE, Research URL

CVE-2020-37255

Home page URL

Security reports for Backup and Staging by WP Time Capsule

Application

Backup and Staging by WP Time Capsule

Published on
Jun 20, 2026
Research Description
Backup and Staging by WP Time Capsule [wp-time-capsule] <= 1.21.16 (unfixed) CVE-2020-37255 [en] WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWP_JSON_PREFIX header. Attackers can exploit this flaw to obtain valid administrator session cookies and access the WordPress dashboard without providing credentials.
Affected versions
max 1.21.16.
Status
vulnerable
Previous vulnerability researches
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2026-56023) , Jun 23, 2026
New vulnerability
Stylish Cost Calculator &#8211; Quote Generator, Lead Gen &amp; Price Estimator (CVE-2026-54847) , Jun 23, 2026
Backup and Staging by WP Time Capsule (CVE-2020-37255) , Jun 23, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2026-56023) , Jun 23, 2026
WooCommerce (CVE-2022-50972) , Jun 22, 2026
Simple File List (CVE-2026-11911) , Jun 21, 2026