Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbJeremie AmsellemWPVDB-ID:F426360E-5BA0-4D6B-BFD4-61BC54BE3469
HistoryDec 21, 2021 - 12:00 a.m.

Backup and Staging by WP Time Capsule < 1.22.7 - Reflected Cross-Site Scripting

2021-12-2100:00:00
Jeremie Amsellem
wpscan.com
17
cross-site scripting
wp time capsule
admin page.

EPSS

0.001

Percentile

31.7%

JSON

The plugin does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

PoC

Once the “Server Requirements” are passed in the initial setup process (you can bypass the check for localhosts by editing the is_localhost function in the same file for testing purpose) the vulnerability can be triggered at any time in an admin’s panel using an URI with JavaScript content inserted in the error parameter such as : https://example.com/wp-admin/admin.php?page=wp-time-capsule&amp;error;=">&cloud;_auth_action=g_drive

Related

patchstack 1
cnvd 1
nvd 1
prion 1
wpexploit 1
cvelist 1
cve 1
patchstack
patchstack
WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.6 - Reflected Cross-Site Scripting (XSS) vulnerability
2021-12-21 00:00:00
cnvd
cnvd
WordPress Backup and Staging by WP Time Capsule plugin cross-site scripting vulnerability
2022-01-26 00:00:00
nvd
nvd
CVE-2021-25035
2022-01-24 08:15:09
prion
prion
Cross site scripting
2022-01-24 08:15:00
wpexploit
wpexploit
Backup and Staging by WP Time Capsule < 1.22.7 - Reflected Cross-Site Scripting
2021-12-21 00:00:00
cvelist
cvelist
CVE-2021-25035 Backup and Staging by WP Time Capsule < 1.22.7 - Reflected Cross-Site Scripting
2022-01-24 08:01:15
cve
cve
CVE-2021-25035
2022-01-24 08:15:09

EPSS

0.001

Percentile

31.7%

JSON
Related for WPVDB-ID:F426360E-5BA0-4D6B-BFD4-61BC54BE3469
patchstack1cnvd1nvd1prion1wpexploit1cvelist1cve1