Unauthenticated File Upload Vulnerability Affects WP Time Capsule Backup and Staging Plugin
CVE-2024-8856
Key Information:
- Vendor
- Wordpress
- Vendor
- CVE Published:
- 16 November 2024
Badges
Summary
The vulnerability labeled as CVE-2024-8856 affects the WP Time Capsule plugin for WordPress, allowing unauthenticated attackers to upload arbitrary files, potentially leading to remote code execution. This flaw has a severe impact, with a CVSS score of 9.8, and affects versions of the plugin up to version 1.22.21. The potential impact of exploiting this vulnerability includes data breaches, website defacement, malware distribution, and complete server takeover. To mitigate this risk, users are advised to update to version 1.22.22, restrict file upload permissions, monitor server logs, implement regular backup routines, use strong passwords and two-factor authentication, and conduct regular plugin audits. Failure to address this vulnerability promptly could lead to severe business impacts, including reputational damage, financial losses, and potential legal consequences related to data breaches.
Affected Version(s)
Backup and Staging by WP Time Capsule * <= 1.22.21
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
Get notified when SecurityVulnerability.io launches alerting π
Well keep you posted π§
News Articles
OP InnovateCVE-2024-8856Vulnerability in WP Time Capsule Plugin (CVE-2024-8856) - OP INNOVATE
Critical vulnerability in WP Time Capsule plugin (CVE-2024-8856) allows unauthenticated file uploads, risking full site takeover; update to version 1.22.22 immediately to mitigate threats.
2 months ago
References
CVSS V3.1
Timeline
- π°
First article discovered by OP Innovate
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved