- Description
- The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-434
- Hype score
- Not currently trending
It really exists. If the version matches, it is CVE-2024-8856 https://t.co/krGzWu4IZr
@annpigpigpig
17 Jan 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-8811 2 - CVE-2024-42477 3 - CVE-2024-8856 4 - CVE-2020-27786 5 - CVE-2024-46938 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
24 Nov 2024
95 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-8856 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing fi..https://t.co/uxOrjcKOZ7 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
21 Nov 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ CVE-2024-8856: WP Time Capsule Plugin Vulnerability Exposes 20,000+ Sites to Takeover - Threat: Public exploit available for unauthenticated file uploads, enabling attackers to: - Inject backdoors or malware - Take full control of affected websites - Cause: -…
@Ransom_DB
17 Nov 2024
111 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ CVE-2024-8856: WP Time Capsule Plugin Vulnerability Exposes 20,000+ Sites to Takeover - Threat: Public exploit available for unauthenticated file uploads, enabling attackers to: - Inject backdoors or malware - Take full control of affected websites - Cause: -…
@Ransom_DB
17 Nov 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
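A critical vulnerability in WP Time Capsule, a WordPress backup plugin used by more than 20,000 sites. CVE-2024-8856 has a CVSS score of 9.8 and, due to missing file type validation, allows unauthenticated attackers to upload arbitrary files to the web server. Fixed in version 1.22.22. https://t.co/Ue9iSC3XN9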
@__kokumoto
17 Nov 2024
10010 Impressions
19 Retweets
36 Likes
6 Bookmarks
0 Replies
3 Quotes
Critical vulnerability (CVE-2024-8856) in the WP Time Capsule plugin. This flaw allows unauthenticated attackers to upload arbitrary files to the server, potentially enabling backdoors, malware injections, or complete site takeover. Key details : •Severity: Critical •CVSS… https
@0x0Huda
17 Nov 2024
112 Impressions
1 Retweet
4 Likes
1 Bookmark
1 Reply
0 Quotes
CVE-2024-8856: WP Time Capsule Plugin Vulnerability Exposes 20,000+ Sites to TakeOver https://t.co/6lM3XFgHZq
@Dinosn
17 Nov 2024
2441 Impressions
6 Retweets
20 Likes
5 Bookmarks
0 Replies
0 Quotes
CVE-2024-8856 The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the UploadHandler.php … https://t.co/VAFhX2r1br
@CVEnew
16 Nov 2024
346 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-8856: CRITICAL] WordPress plugin WP Time Capsule Backup and Staging is at risk. Unauthenticated attackers can exploit this vulnerability (up to v1.22.21) to upload arbitrary files leading to a potential ...#cybersecurity,#vulnerability https://t.co/EL9V9aptk5 https://t.
@CveFindCom
16 Nov 2024
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes