Object Injection Vulnerability in Backup and Staging by WP Time Capsule
CVE-2024-49684

7.2HIGH

Key Information:

Vendor: WordPress
Status: Backup And Staging By WP Time Capsule
Vendor: CVE Published:; 23 October 2024

What is CVE-2024-49684?

A deserialization of untrusted data vulnerability has been identified in the Backup and Staging feature of WP Time Capsule. This vulnerability allows for object injection, which could potentially enable an attacker to execute arbitrary code within the WordPress environment. Users of Backup and Staging by WP Time Capsule versions from n/a through 1.22.21 are particularly at risk. It is crucial for website owners to update to the latest version of the plugin to mitigate this security risk.

Affected Version(s)

Backup and Staging by WP Time Capsule 0 <= 1.22.21

References

https://patchstack.com/database/Wordpress/Plugin/wp-time-...

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2024

CVE-2024-49684 Data

JSON