CVE-2026-8996
Backup and Staging by WP Time Capsule <= 1.22.26 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via download_recent_decrypted_file_wptc Function
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.5EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
09 jul 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 via the download_recent_decrypted_file_wptc. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract download the most recently admin-decrypted SQL database backup, which typically contains password hashes, user credentials, and other sensitive site configuration data stored in the 'recent_decrypted_file' option. Exploitation requires that an administrator has previously performed a decrypt action, causing the decrypted SQL backup file to exist in the plugin's upload directory; without this prior admin action, there is no file to serve.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Productos afectados
revmakx · Backup and Staging by WP Time CapsuleReferencias
https://plugins.trac.wordpress.org/browser/wp-time-capsule/tags/1.22.26/Views/wptc-download-file.php#L23https://plugins.trac.wordpress.org/browser/wp-time-capsule/tags/1.22.26/wp-time-capsule.php#L3764https://plugins.trac.wordpress.org/browser/wp-time-capsule/tags/1.22.26/wp-time-capsule.php#L410https://plugins.trac.wordpress.org/browser/wp-time-capsule/trunk/Views/wptc-download-file.php#L23https://plugins.trac.wordpress.org/browser/wp-time-capsule/trunk/wp-time-capsule.php#L3764https://plugins.trac.wordpress.org/browser/wp-time-capsule/trunk/wp-time-capsule.php#L410https://plugins.trac.wordpress.org/changeset?reponame=&old=3563585%40wp-time-capsule&new=3563585%40wp-time-capsulehttps://www.wordfence.com/threat-intel/vulnerabilities/id/f7c39d66-f1e1-4d41-a9e4-984aec3f37dc?source=cve