Vulnerabilities > CVE-2020-26511 - Unspecified vulnerability in Wpo365 Wordpress + Azure AD / Microsoft Office 365
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass.