The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 via the download_recent_decrypted_file_wptc. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract download the most recently admin-decrypted SQL database backup, which typically contains password hashes, user credentials, and other sensitive site configuration data stored in the 'recent_decrypted_file' option. Exploitation requires that an administrator has previously performed a decrypt action, causing the decrypted SQL backup file to exist in the plugin's upload directory; without this prior admin action, there is no file to serve.
Metrics
Affected Vendors & Products
References
History
Thu, 09 Jul 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 09 Jul 2026 10:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Revmakx
Revmakx backup And Staging By Wp Time Capsule Wordpress Wordpress wordpress |
|
| Vendors & Products |
Revmakx
Revmakx backup And Staging By Wp Time Capsule Wordpress Wordpress wordpress |
Thu, 09 Jul 2026 08:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 via the download_recent_decrypted_file_wptc. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract download the most recently admin-decrypted SQL database backup, which typically contains password hashes, user credentials, and other sensitive site configuration data stored in the 'recent_decrypted_file' option. Exploitation requires that an administrator has previously performed a decrypt action, causing the decrypted SQL backup file to exist in the plugin's upload directory; without this prior admin action, there is no file to serve. | |
| Title | Backup and Staging by WP Time Capsule <= 1.22.26 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via download_recent_decrypted_file_wptc Function | |
| Weaknesses | CWE-862 | |
| References |
|
|
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-07-09T17:29:08.760Z
Reserved: 2026-05-19T13:31:06.616Z
Link: CVE-2026-8996
Updated: 2026-07-09T17:29:05.503Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-09T10:15:04Z