HTTP: WordPress WP Time Capsule Plugin UploadHandler.php Unrestricted File Upload

This signature detects attempts to exploit a known vulnerability in the WP Time Capsule plugin for WordPress. A successful attack can lead to arbitrary code execution.

Extended Description

The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.22.21, due to missing file type validation in the UploadHandler.php file and the absence of direct file access prevention. This makes it possible for unauthenticated attackers to upload arbitrary files to the affected site's server, which may make remote code execution possible.

Short Name
HTTP:PHP:WP-HNDLR-FL-UP
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2024-8856 Capsule File Plugin Time Unrestricted Upload UploadHandler.php WP WordPress
Release Date
02/03/2025
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version
3779
False Positive
Unknown
