How to fix EUVD-2025-17516?

Within 24 hours: Audit all WordPress installations for WP Time Capsule plugin presence and document affected systems; disable the plugin if not critically required for operations. Within 7 days: Contact revmakx for patch availability and timeline; evaluate alternative backup solutions with equivalent functionality. Within 30 days: Implement the vendor patch immediately upon release; if no patch is available, migrate to a patched alternative backup solution or maintain the plugin in a restricted, air-gapped environment with strict access controls.

Is PHP affected by EUVD-2025-17516?

A Cross-site Scripting (XSS) vulnerability in WP Time Capsule's Backup and Staging plugin (versions through 1.22.23) allows attackers to inject malicious scripts that execute in users' browsers, potentially compromising WordPress administrator accounts and sensitive backup data.

EUVD-2025-17516

| CVE-2025-47477 HIGH

2025-06-09 [email protected]

XSS WordPress PHP

7.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 19:21 euvd

EUVD-2025-17516

Analysis Generated

Mar 14, 2026 - 19:21 vuln.today

CVE Published

Jun 09, 2025 - 16:15 nvd

HIGH 7.1

DescriptionNVD

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revmakx Backup and Staging by WP Time Capsule allows Reflected XSS. This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.23.

AnalysisAI

A cross-site scripting vulnerability in revmakx Backup and Staging by WP Time Capsule allows Reflected XSS (CVSS 7.1). High severity vulnerability requiring prompt remediation.

Technical ContextAI

CWE-79 (Cross-site Scripting). CVSS 7.1 indicates high severity. Affects revmakx Backup and Staging by WP Time Capsule allows Reflected XSS.

RemediationAI

Monitor vendor channels for patch availability.

EUVD-2025-17516 vulnerability details – vuln.today

Back

EUVD-2025-17516

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code