cleantalk
Vulnerabilities and Security Researches

Backup and Staging by WP Time Capsule, CVE-2024-8856

CVE, Research URL

CVE-2024-8856

Home page URL

Security reports for Backup and Staging by WP Time Capsule

Application

Backup and Staging by WP Time Capsule

Published on
Nov 16, 2024
Research Description
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
max 1.22.22.
Status
vulnerable
Previous vulnerability researches
Backup and Staging by WP Time Capsule (CVE-2024-8856) , Nov 16, 2024
Backup and Staging by WP Time Capsule (CVE-2026-42760) , May 29, 2026
Backup and Staging by WP Time Capsule (CVE-2024-48020) , Oct 12, 2024
Backup and Staging by WP Time Capsule (CVE-2024-49684) , Oct 25, 2024
Backup and Staging by WP Time Capsule (CVE-2025-47477) , Jun 14, 2025
New vulnerability
Stylish Cost Calculator – Quote Generator, Lead Gen & Price Estimator (CVE-2026-54847) , Jun 23, 2026
Backup and Staging by WP Time Capsule (CVE-2020-37255) , Jun 23, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2026-56023) , Jun 23, 2026
WooCommerce (CVE-2022-50972) , Jun 22, 2026
Simple File List (CVE-2026-11911) , Jun 21, 2026