Backup And Staging By Wp Time Capsule
Monthly
Sensitive information exposure in the Backup and Staging by WP Time Capsule WordPress plugin (all versions through 1.22.26) allows authenticated attackers with subscriber-level access to download a previously admin-decrypted SQL database backup via the unprotected `download_recent_decrypted_file_wptc` endpoint. The downloaded backup typically contains WordPress password hashes, user credentials, and site configuration data stored in the `recent_decrypted_file` plugin option. No public exploit code exists at time of analysis, but the vulnerability is conditionally exploitable wherever subscriber-level user registration is enabled and an administrator has recently used the plugin's decrypt function.
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the the UploadHandler.php file and no direct file access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.
Sensitive information exposure in the Backup and Staging by WP Time Capsule WordPress plugin (all versions through 1.22.26) allows authenticated attackers with subscriber-level access to download a previously admin-decrypted SQL database backup via the unprotected `download_recent_decrypted_file_wptc` endpoint. The downloaded backup typically contains WordPress password hashes, user credentials, and site configuration data stored in the `recent_decrypted_file` plugin option. No public exploit code exists at time of analysis, but the vulnerability is conditionally exploitable wherever subscriber-level user registration is enabled and an administrator has recently used the plugin's decrypt function.
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the the UploadHandler.php file and no direct file access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.