9 matches found
WP Time Capsule Plugin - Remote Code Execution
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for unauthenticat...
📄 WordPress Backup and Staging 1.21.16 Shell Upload
WordPress Backup and Staging plugin versions 1.21.16 and below suffer from a remote shell upload vulnerability. Exploit Title: WordPress Backup and Staging Plugin ≤ 1.21.16 - Arbitrary File Upload to RCE Original Author: Patchstack hypothetical Exploit Author: Al Baradi Joy Exploit Date: April 5,...
Backup and Staging by WP Time Capsule 1.22.21 - Unauthenticated Arbitrary File Upload
Exploit Title: WordPress Backup and Staging Plugin ≤ 1.21.16 - Arbitrary File Upload to RCE Original Author: Patchstack hypothetical Exploit Author: Al Baradi Joy Exploit Date: April 5, 2025 Vendor Homepage: https://wp-timecapsule.com/ Software Link: https://wordpress.org/plugins/wp-time-capsule/...
WP Time Capsule 1.22.21 Shell Upload
WordPress WP Time Capsule plugin version 1.22.21 remote shell upload proof of concept exploit that takes advantage of a flaw discovered in 2024 by Rein Daelman...
WordPress WP Time Capsule Arbitrary File Upload to RCE
This module exploits an arbitrary file upload vulnerability in the WordPress WP Time Capsule plugin versions use exploit/multi/http/wptimecapsulefileuploadrce msf exploitwptimecapsulefileuploadrce show targets ...targets... msf exploitwptimecapsulefileuploadrce set TARGET msf...
Exploit for Unrestricted Upload of File with Dangerous Type in Revmakx Backup_And_Staging_By_Wp_Time_Capsule
CVE-2024-8856 This tool scans WordPress websites for vulnerab...
WordPress Backup and Staging by WP Time Capsule Plugin <= 1.22.21 is vulnerable to Arbitrary File Upload
Software Backup and Staging by WP Time Capsule Type Plugin Vulnerable versions = 1.22.21 Fixed in 1.22.22 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-8856 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 3a293a6ce154 Credits Rein Daelman...
CVE-2024-8856
creationtimestamp| type| source ---|---|--- 2024-11-16 06:52:51+00:00| seen| https://t.me/cvedetector/11225 2024-11-17 06:17:37+00:00| seen| https://t.me/CyberBulletin/26463 2024-11-17 06:17:37+00:00| seen| https://t.me/CyberBulletin/1490 2024-11-22 10:05:08+00:00| published-proof-of-concept|...
CVE-2024-8856 Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File Upload
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for unauthenticat...