Search criteria
2 vulnerabilities found for Backup and Staging by WP Time Capsule by Unknown
CVE-2021-25035 (GCVE-0-2021-25035)
Vulnerability from cvelistv5 – Published: 2022-01-24 08:01 – Updated: 2024-08-03 19:49
VLAI?
Title
Backup and Staging by WP Time Capsule < 1.22.7 - Reflected Cross-Site Scripting
Summary
The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Backup and Staging by WP Time Capsule |
Affected:
1.22.7 , < 1.22.7
(custom)
|
Credits
Jeremie Amsellem
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2641264"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Backup and Staging by WP Time Capsule",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.22.7",
"status": "affected",
"version": "1.22.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jeremie Amsellem"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-24T08:01:15",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2641264"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Backup and Staging by WP Time Capsule \u003c 1.22.7 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25035",
"STATE": "PUBLIC",
"TITLE": "Backup and Staging by WP Time Capsule \u003c 1.22.7 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Backup and Staging by WP Time Capsule",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.22.7",
"version_value": "1.22.7"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jeremie Amsellem"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2641264",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2641264"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25035",
"datePublished": "2022-01-24T08:01:15",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:49:14.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25035 (GCVE-0-2021-25035)
Vulnerability from nvd – Published: 2022-01-24 08:01 – Updated: 2024-08-03 19:49
VLAI?
Title
Backup and Staging by WP Time Capsule < 1.22.7 - Reflected Cross-Site Scripting
Summary
The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Backup and Staging by WP Time Capsule |
Affected:
1.22.7 , < 1.22.7
(custom)
|
Credits
Jeremie Amsellem
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2641264"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Backup and Staging by WP Time Capsule",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.22.7",
"status": "affected",
"version": "1.22.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jeremie Amsellem"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-24T08:01:15",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2641264"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Backup and Staging by WP Time Capsule \u003c 1.22.7 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25035",
"STATE": "PUBLIC",
"TITLE": "Backup and Staging by WP Time Capsule \u003c 1.22.7 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Backup and Staging by WP Time Capsule",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.22.7",
"version_value": "1.22.7"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jeremie Amsellem"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2641264",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2641264"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25035",
"datePublished": "2022-01-24T08:01:15",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:49:14.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}