Overview
- Description: The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
- Source: security@wordfence.com
- NVD status: Received
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Weaknesses
- security@wordfence.com
- CWE-434
Social media
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 3
⚠️ CVE-2024-8856: WP Time Capsule Plugin Vulnerability Exposes 20,000+ Sites to Takeover - Threat: Public exploit available for unauthenticated file uploads, enabling attackers to: - Inject backdoors or malware - Take full control of affected websites - Cause: -…
@Ransom_DB
17 Nov 2024
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ CVE-2024-8856: WP Time Capsule Plugin Vulnerability Exposes 20,000+ Sites to Takeover - Threat: Public exploit available for unauthenticated file uploads, enabling attackers to: - Inject backdoors or malware - Take full control of affected websites - Cause: -…
@Ransom_DB
17 Nov 2024
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
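A critical vulnerability in WP Time Capsule, a WordPress backup plugin used by more than 20,000 sites. CVE-2024-8856 has a CVSS score of 9.8 and, due to missing file type validation, allows unauthenticated attackers to upload arbitrary files to the web server. Fixed in version 1.22.22. https://t.co/Ue9iSC3XN9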
@__kokumoto
17 Nov 2024
4777 Impressions
7 Retweets
12 Likes
2 Bookmarks
0 Replies
1 Quote
Critical vulnerability (CVE-2024-8856) in the WP Time Capsule plugin. This flaw allows unauthenticated attackers to upload arbitrary files to the server, potentially enabling backdoors, malware injections, or complete site takeover. Key details : •Severity: Critical •CVSS… https
@0x0Huda
17 Nov 2024
105 Impressions
1 Retweet
4 Likes
1 Bookmark
1 Reply
0 Quotes
CVE-2024-8856: WP Time Capsule Plugin Vulnerability Exposes 20,000+ Sites to TakeOver https://t.co/6lM3XFgHZq
@Dinosn
17 Nov 2024
2283 Impressions
5 Retweets
19 Likes
5 Bookmarks
0 Replies
0 Quotes
CVE-2024-8856 The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the UploadHandler.php … https://t.co/VAFhX2r1br
@CVEnew
16 Nov 2024
346 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-8856: CRITICAL] WordPress plugin WP Time Capsule Backup and Staging is at risk. Unauthenticated attackers can exploit this vulnerability (up to v1.22.21) to upload arbitrary files leading to a potential ...#cybersecurity,#vulnerability https://t.co/EL9V9aptk5 https://t.
@CveFindCom
16 Nov 2024
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes