CVE-2026-8996
Received Received - Intake

Sensitive Information Exposure in Backup and Staging by WP Time Capsule

Vulnerability report for CVE-2026-8996, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: Wordfence

Description

The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 via the download_recent_decrypted_file_wptc. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract download the most recently admin-decrypted SQL database backup, which typically contains password hashes, user credentials, and other sensitive site configuration data stored in the 'recent_decrypted_file' option. Exploitation requires that an administrator has previously performed a decrypt action, causing the decrypted SQL backup file to exist in the plugin's upload directory; without this prior admin action, there is no file to serve.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
wp_time_capsule backup_and_staging to 1.22.26 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The Backup and Staging by WP Time Capsule plugin for WordPress has a vulnerability in all versions up to and including 1.22.26. This vulnerability allows authenticated users with subscriber-level access or higher to download the most recently admin-decrypted SQL database backup file. This backup file typically contains sensitive information such as password hashes, user credentials, and other site configuration data. The vulnerability exists because the decrypted backup file is stored in the plugin's upload directory and can be accessed via the download_recent_decrypted_file_wptc function. However, exploitation requires that an administrator has previously decrypted a backup, causing the decrypted file to exist.

Impact Analysis

This vulnerability can lead to sensitive information exposure. An attacker with subscriber-level access or higher can obtain the decrypted SQL backup file, which contains password hashes, user credentials, and other sensitive configuration data. This exposure can compromise user accounts and site security, potentially allowing further unauthorized access or attacks.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8996. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart