Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

[email protected]

+1 -800-456-478-23

Twitter Facebook-f Pinterest-p Instagram
CVE

CVE-2024-48020 – Backup and Staging by WP Time Capsule

Published : 2024-10-11

Title: WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.21 - SQL Injection vulnerability

Description

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Revmakx Backup and Staging by WP Time Capsule allows SQL Injection.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.21.

CWE

CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

CVSS

ScoreSeverityVersionVector String
8.5HIGH3.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Vendor : n/a

Product: Backup and Staging by WP Time Capsule

Vulnerable Versions: n/a through 1.22.21

Proof of Concept:

REDACTED

Vulnerability found by: DFEND Security Researcher

References:

https://patchstack.com/database/vulnerability/wp-time-capsule/wordpress-backup-and-staging-by-wp-time-capsule-plugin-1-22-21-sql-injection-vulnerability?_s_id=cve

https://www.cve.org/CVERecord?id=CVE-2024-48020