CVE-2026-42760 WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.25 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a through = 1.22.25...

CVE-2026-42760

CVE-2026-42760 concerns the WordPress plugin “Backup and Staging by WP Time Capsule” (revmakx) where the vulnerability enables an authentication bypass via an alternate path or channel, enabling password-recovery exploitation. Affected: wp-time-capsule plugin versions from n/a up to and including...

EUVD-2026-32208

Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a through = 1.22.25...

CVE-2026-4029 Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Export

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...

CVE-2026-4030

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...

CVE-2026-4030

The vulnerability CVE-2026-4030 affects the Database Backup for WordPress plugin for WordPress (all versions up to 2.5.2). The root cause is the plugin not properly enforcing the return value of its authorization check when combined with a user-controlled backup directory parameter, enabling unau...

CVE-2026-4029

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...

CVE-2025-66172

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can restore a volume from any other user's backups and...

EUVD-2025-209740

The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and has access to specific APIs can list backups from any account in the environment...

EUVD-2025-209742

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can restore a volume from any other user's backups and...

EUVD-2025-209741

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can create new VMs using backups of any other user of the...

CVE-2025-66172

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can restore a volume from any other user's backups and...

CVE-2025-66170

The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and has access to specific APIs can list backups from any account in the environment...

CVE-2025-66171

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can create new VMs using backups of any other user of the...

CVE-2025-66172 Apache CloudStack: Any user can attach a volume in their VMs from backups they should not have access to

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can restore a volume from any other user's backups and...

CVE-2025-66172 Apache CloudStack: Any user can attach a volume in their VMs from backups they should not have access to

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can restore a volume from any other user's backups and...

CVE-2025-66172

The CVE pertains to CloudStack’s Backup plugin, affected in versions 4.21.0.0 to 4.22.0.0, where improper access logic allows any authenticated user in a CloudStack 4.21.0.0+ environment (with the plugin enabled and API access) to restore a volume from another user’s backups and attach it to thei...

CVE-2025-66171

CVE-2025-66171 affects the CloudStack Backup plugin in CloudStack 4.21.0.0 and 4.22.0.0, where an improper access logic allows any authenticated user with access to specific APIs to create new VMs using backups belonging to other users. Public docs from NVD/CVE and EUVD- ENISA reiterate upgrade g...

CVE-2025-66171 Apache CloudStack: Any user can create a new VM from backups they should not have access to

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can create new VMs using backups of any other user of the...

CVE-2025-66170 Apache CloudStack: Any user can list backups that they should not have access to

The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and has access to specific APIs can list backups from any account in the environment...