Vulnerabilities and security researches forwp-time-capsule wp-time-capsule
Direction: ascendingJun 07, 2024
Backup and Staging by WP Time Capsule # CVE-2021-25035
- CVE, Research URL
- Application
- Date
- Jan 24, 2022
- Research Description
- The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
- Affected versions
-
max 1.22.7.
- Status
-
vulnerable
Backup and Staging by WP Time Capsule # CVE-2020-8771
- CVE, Research URL
- Application
- Date
- Feb 06, 2020
- Research Description
- The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts.
- Affected versions
-
max 1.21.16.
- Status
-
vulnerable
Jul 16, 2024
Backup and Staging by WP Time Capsule # CVE-2024-38770
- CVE, Research URL
- Application
- Date
- Aug 02, 2024
- Research Description
- Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.20.
- Affected versions
-
max 1.22.21.
- Status
-
vulnerable
Oct 12, 2024
Backup and Staging by WP Time Capsule # CVE-2024-48020
- CVE, Research URL
- Application
- Date
- Oct 12, 2024
- Research Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Revmakx Backup and Staging by WP Time Capsule allows SQL Injection.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.21.
- Affected versions
-
max 1.22.22.
- Status
-
vulnerable
Oct 25, 2024
Backup and Staging by WP Time Capsule # CVE-2024-49684
- CVE, Research URL
- Application
- Date
- Oct 23, 2024
- Research Description
- Deserialization of Untrusted Data vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Object Injection.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.21.
- Affected versions
-
max 1.22.22.
- Status
-
vulnerable
Nov 16, 2024
Backup and Staging by WP Time Capsule # CVE-2024-8856
- CVE, Research URL
- Application
- Date
- Nov 16, 2024
- Research Description
- The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
- Affected versions
-
max 1.22.22.
- Status
-
vulnerable
Jun 14, 2025
Backup and Staging by WP Time Capsule # CVE-2025-47477
- CVE, Research URL
- Application
- Date
- Jun 09, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revmakx Backup and Staging by WP Time Capsule allows Reflected XSS. This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.23.
- Affected versions
-
max 1.22.24.
- Status
-
vulnerable
May 29, 2026
Backup and Staging by WP Time Capsule # CVE-2026-42760
- CVE, Research URL
- Application
- Date
- May 27, 2026
- Research Description
- Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a through <= 1.22.25.
- Affected versions
-
max 1.22.25.
- Status
-
vulnerable