CVE-2024-8856 Scanner
CVE-2024-8856 Scanner - Remote Code Execution vulnerability in WP Time Capsule Plugin
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
13 days 2 hours
Scan only one
Domain, IPv4, Subdomain
Toolbox
-
The WP Time Capsule Plugin is a WordPress plugin used for backup and staging purposes. It allows users to back up their websites and restore previous versions of their sites. The plugin helps automate the process of backing up WordPress data, ensuring that website administrators can easily restore their content if needed. It is widely used by individuals and businesses who rely on WordPress for their websites. The plugin integrates with WordPress and provides a straightforward interface for managing backups. However, recent security issues have been identified within the plugin, exposing users to vulnerabilities that could compromise the security of their websites.
The WP Time Capsule Plugin is vulnerable to remote code execution (RCE) due to a lack of file type validation in the UploadHandler.php file. This vulnerability allows unauthenticated attackers to upload arbitrary files to the server, which could lead to the execution of malicious code. The issue affects all versions up to and including 1.22.21. The vulnerability arises from the plugin's inability to properly validate file types, allowing attackers to upload PHP files that could then be executed remotely. This opens the door for attackers to gain control over the server hosting the WordPress site.
The vulnerability is located in the UploadHandler.php file of the WP Time Capsule Plugin. It stems from the plugin's failure to properly validate uploaded files, specifically within the file upload handler used for backup purposes. Attackers can exploit this flaw by uploading PHP files disguised as other file types. Once the malicious file is uploaded, attackers can execute the PHP file by accessing it through a publicly accessible URL. The file upload process does not restrict access to the uploaded files, which allows attackers to execute arbitrary code remotely on the server.
If exploited, this vulnerability could allow attackers to execute arbitrary PHP code on the server. This could lead to complete server compromise, allowing attackers to gain administrative access to the WordPress site. Attackers could use this access to modify website content, steal sensitive data, or launch further attacks. In addition, the server could be used for further malicious activities, such as hosting malware or launching DDoS attacks. The exploit of this vulnerability could result in significant damage to the website and its users.
REFERENCES
- https://hacked.be/posts/CVE-2024-8856
- https://plugins.trac.wordpress.org/browser/wp-time-capsule/trunk/wp-tcapsule-bridge/upload/php/UploadHandler.php
- https://plugins.trac.wordpress.org/changeset/3188325/
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3153289%40wp-time-capsule&new=3153289%40wp-time-capsule&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/fdc2de78-5601-461f-b2f0-c80b592ccb1b?source=cve
- https://nvd.nist.gov/vuln/detail/CVE-2024-8856
