cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score CVE-2024-8856,https://securityvulnerability.io/vulnerability/CVE-2024-8856,Unauthenticated File Upload Vulnerability Affects WP Time Capsule Backup and Staging Plugin,"The vulnerability labeled as CVE-2024-8856 affects the WP Time Capsule plugin for WordPress, allowing unauthenticated attackers to upload arbitrary files, potentially leading to remote code execution. This flaw has a severe impact, with a CVSS score of 9.8, and affects versions of the plugin up to version 1.22.21. The potential impact of exploiting this vulnerability includes data breaches, website defacement, malware distribution, and complete server takeover. To mitigate this risk, users are advised to update to version 1.22.22, restrict file upload permissions, monitor server logs, implement regular backup routines, use strong passwords and two-factor authentication, and conduct regular plugin audits. Failure to address this vulnerability promptly could lead to severe business impacts, including reputational damage, financial losses, and potential legal consequences related to data breaches.",Wordpress,Backup And Staging By WP Time Capsule,9.8,CRITICAL,0.0013000000035390258,false,,true,false,true,true,false,false,2024-11-16T04:29:15.950Z,0 CVE-2021-25035,https://securityvulnerability.io/vulnerability/CVE-2021-25035,Backup and Staging by WP Time Capsule < 1.22.7 - Reflected Cross-Site Scripting,"The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting",Wordpress,Backup And Staging By WP Time Capsule,6.1,MEDIUM,0.0007399999885819852,false,,false,false,false,,false,false,2022-01-24T08:01:15.000Z,0