Wp Time Capsule
by WordPress
Source repositories
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-8771 | Cri | 0.67 | 9.8 | 0.46 | Feb 6, 2020 | The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts. | ||
| CVE-2024-38770 | Cri | 0.64 | 9.8 | 0.01 | Aug 1, 2024 | Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.20. | ||
| CVE-2024-48020 | Hig | 0.55 | 8.5 | 0.00 | Oct 11, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows SQL Injection.This issue affects Backup and Staging by WP Time Capsule: from n/a through <= 1.22.21. | ||
| CVE-2026-42760 | Hig | 0.49 | 7.5 | 0.00 | May 27, 2026 | Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a through <= 1.22.25. | ||
| CVE-2024-49684 | Hig | 0.47 | 7.2 | 0.01 | Oct 23, 2024 | Deserialization of Untrusted Data vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Object Injection.This issue affects Backup and Staging by WP Time Capsule: from n/a through <= 1.22.21. | ||
| CVE-2025-47477 | Hig | 0.46 | 7.1 | 0.00 | Jun 9, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Reflected XSS.This issue affects Backup and Staging by WP Time Capsule: from n/a through <= 1.22.23. | ||
| CVE-2020-37255 | 0.00 | — | 0.00 | Jun 20, 2026 | WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWP_JSON_PREFIX header. Attackers can exploit this flaw to obtain valid… |
- risk 0.67cvss 9.8epss 0.46
The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts.
- risk 0.64cvss 9.8epss 0.01
Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.20.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows SQL Injection.This issue affects Backup and Staging by WP Time Capsule: from n/a through <= 1.22.21.
- risk 0.49cvss 7.5epss 0.00
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a through <= 1.22.25.
- risk 0.47cvss 7.2epss 0.01
Deserialization of Untrusted Data vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Object Injection.This issue affects Backup and Staging by WP Time Capsule: from n/a through <= 1.22.21.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Reflected XSS.This issue affects Backup and Staging by WP Time Capsule: from n/a through <= 1.22.23.
- CVE-2020-37255Jun 20, 2026risk 0.00cvss —epss 0.00
WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWP_JSON_PREFIX header. Attackers can exploit this flaw to obtain valid…