cleantalk
Vulnerabilities and Security Researches

WordPress + Microsoft Office 365 / Azure AD | LOGIN, CVE-2020-26511

CVE, Research URL

CVE-2020-26511

Home page URL

Security reports for WordPress + Microsoft Office 365 / Azure AD | LOGIN

Application

WordPress + Microsoft Office 365 / Azure AD | LOGIN

Published on
Oct 02, 2020
Research Description
The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass.
Affected versions
Min -, max 11.7.
Status
vulnerable
Previous vulnerability researches
WordPress + Microsoft Office 365 / Azure AD | LOGIN (CVE-2024-4706) , Jun 06, 2024
WordPress + Microsoft Office 365 / Azure AD | LOGIN (CVE-2021-43409) , Jun 06, 2024
WordPress + Microsoft Office 365 / Azure AD | LOGIN (CVE-2020-26511) , Jun 06, 2024
New vulnerability
WP User Stylesheet Switcher (CVE-2025-52792) , Jun 30, 2025
Easy FancyBox – WordPress Lightbox Plugin (CVE-2025-52707) , Jun 30, 2025
CRM ERP Business Solution | freelancers & SME | for WordPress & WooCommerce (CVE-2025-49987) , Jun 30, 2025
Trusty Whistleblowing Solution (CVE-2025-52818) , Jun 30, 2025
WordPress Job Board and Recruitment Plugin – JobWP (CVE-2025-49975) , Jun 30, 2025