CVE-2026-42760 WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.25 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a through = 1.22.25...

CVE-2020-8771

The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWPJSONPREFIX causes the client to be logged in as the first account on the list of administrator accounts...

VulnCheck KEV: CVE-2024-8856

The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for...

WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.21 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Rein Daelman trein in WordPress Plugin Backup and Staging by WP Time Capsule versions = 1.22.21...

WordPress plugin Backup and Staging by WP Time Capsule SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

WordPress plugin WP Time Capsule 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.20 - Authentication Bypass and Privilege Escalation Vulnerability

Authentication Bypass and Privilege Escalation Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Backup and Staging by WP Time Capsule versions = 1.22.20...

CVE-2021-24877 MainWP Child < 4.1.8 - Admin+ SQL Injection

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed...

CVE-2021-24877

CVE-2021-24877 affects the WordPress MainWP Child plugin prior to version 4.1.8. The issue is an SQL injection caused by lack of validation of the orderby and order parameters before their use in a SQL statement, exploitable by high-privilege users (e.g., admin) when the Backup and Staging by WP ...

CVE-2020-8771

The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWPJSONPREFIX causes the client to be logged in as the first account on the list of administrator accounts...

CVE-2020-8771

The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWPJSONPREFIX causes the client to be logged in as the first account on the list of administrator accounts...

CVE-2020-8771

The WordPress Time Capsule plugin (before 1.21.16) is affected by an authentication bypass. The issue occurs when a request contains IWP_JSON_PREFIX, causing the user to be logged in as the first administrator. Technical root cause is in wptc-cron-functions.php where parse_request calls decode_se...