Search criteria
2 vulnerabilities found for Backup and Staging by WP Time Capsule by Unknown
CVE-2021-25035 (GCVE-0-2021-25035)
Vulnerability from nvd – Published: 2022-01-24 08:01 – Updated: 2024-08-03 19:49
VLAI
Title
Backup and Staging by WP Time Capsule < 1.22.7 - Reflected Cross-Site Scripting
Summary
The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/f426360e-5ba0-4d… | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset/2641264 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Backup and Staging by WP Time Capsule |
Affected:
1.22.7 , < 1.22.7
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2641264"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Backup and Staging by WP Time Capsule",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.22.7",
"status": "affected",
"version": "1.22.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jeremie Amsellem"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-24T08:01:15.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2641264"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Backup and Staging by WP Time Capsule \u003c 1.22.7 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25035",
"STATE": "PUBLIC",
"TITLE": "Backup and Staging by WP Time Capsule \u003c 1.22.7 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Backup and Staging by WP Time Capsule",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.22.7",
"version_value": "1.22.7"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jeremie Amsellem"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2641264",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2641264"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25035",
"datePublished": "2022-01-24T08:01:15.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:49:14.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25035 (GCVE-0-2021-25035)
Vulnerability from cvelistv5 – Published: 2022-01-24 08:01 – Updated: 2024-08-03 19:49
VLAI
Title
Backup and Staging by WP Time Capsule < 1.22.7 - Reflected Cross-Site Scripting
Summary
The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/f426360e-5ba0-4d… | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset/2641264 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Backup and Staging by WP Time Capsule |
Affected:
1.22.7 , < 1.22.7
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2641264"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Backup and Staging by WP Time Capsule",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.22.7",
"status": "affected",
"version": "1.22.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jeremie Amsellem"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-24T08:01:15.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2641264"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Backup and Staging by WP Time Capsule \u003c 1.22.7 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25035",
"STATE": "PUBLIC",
"TITLE": "Backup and Staging by WP Time Capsule \u003c 1.22.7 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Backup and Staging by WP Time Capsule",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.22.7",
"version_value": "1.22.7"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jeremie Amsellem"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2641264",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2641264"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25035",
"datePublished": "2022-01-24T08:01:15.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:49:14.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}