Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
2 vulnerabilities found for Backup and Staging by WP Time Capsule by Unknown
CVE-2021-25035 (GCVE-0-2021-25035)
Vulnerability from nvd – Published: 2022-01-24 08:01 – Updated: 2024-08-03 19:49
VLAI?
Title
Backup and Staging by WP Time Capsule < 1.22.7 - Reflected Cross-Site Scripting
Summary
The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Backup and Staging by WP Time Capsule |
Affected:
1.22.7 , < 1.22.7
(custom)
|
Credits
Jeremie Amsellem
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2641264"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Backup and Staging by WP Time Capsule",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.22.7",
"status": "affected",
"version": "1.22.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jeremie Amsellem"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-24T08:01:15.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2641264"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Backup and Staging by WP Time Capsule \u003c 1.22.7 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25035",
"STATE": "PUBLIC",
"TITLE": "Backup and Staging by WP Time Capsule \u003c 1.22.7 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Backup and Staging by WP Time Capsule",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.22.7",
"version_value": "1.22.7"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jeremie Amsellem"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2641264",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2641264"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25035",
"datePublished": "2022-01-24T08:01:15.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:49:14.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25035 (GCVE-0-2021-25035)
Vulnerability from cvelistv5 – Published: 2022-01-24 08:01 – Updated: 2024-08-03 19:49
VLAI?
Title
Backup and Staging by WP Time Capsule < 1.22.7 - Reflected Cross-Site Scripting
Summary
The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Backup and Staging by WP Time Capsule |
Affected:
1.22.7 , < 1.22.7
(custom)
|
Credits
Jeremie Amsellem
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2641264"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Backup and Staging by WP Time Capsule",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.22.7",
"status": "affected",
"version": "1.22.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jeremie Amsellem"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-24T08:01:15.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2641264"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Backup and Staging by WP Time Capsule \u003c 1.22.7 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25035",
"STATE": "PUBLIC",
"TITLE": "Backup and Staging by WP Time Capsule \u003c 1.22.7 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Backup and Staging by WP Time Capsule",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.22.7",
"version_value": "1.22.7"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jeremie Amsellem"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2641264",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2641264"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25035",
"datePublished": "2022-01-24T08:01:15.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:49:14.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}