WP-Safety

Backup and Staging by WP Time Capsule Security & Risk Analysis

wordpress.org/plugins/wp-time-capsule

Backup and Staging by WP Time Capsule is an automated incremental backup plugin that backs up your website changes as per your schedule to Dropbox, Go …

20K active installs v1.22.25 PHP + WP 3.9.14+ Updated Sep 22, 2025
auto-updatesbackupbackup-before-updatemigrationstaging
85
A · Safe
CVEs total7
Unpatched0
Last CVEJun 4, 2025
Plugin page Download
Safety Verdict

Is Backup and Staging by WP Time Capsule Safe to Use in 2026?

Generally Safe

Score 85/100

Backup and Staging by WP Time Capsule has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEsLast CVE: Jun 4, 2025Updated 6mo ago
Risk Assessment

The security posture of wp-time-capsule v1.22.25 presents significant concerns, primarily due to its extensive and unprotected attack surface. With 91 AJAX handlers lacking any form of authentication checks, this plugin is highly susceptible to unauthorized execution of code and manipulation of sensitive data. The static analysis also reveals a concerning number of dangerous functions, including those that can execute system commands, and a low percentage of properly escaped output, indicating a high risk of cross-site scripting vulnerabilities. Furthermore, 34 out of 37 analyzed taint flows have unsanitized paths, with 4 classified as high severity, suggesting potential for serious security breaches.

The plugin's vulnerability history, with 7 known CVEs including 3 critical and 1 high severity, reinforces these concerns. The types of past vulnerabilities, such as authentication bypass, deserialization of untrusted data, and SQL injection, align with the weaknesses identified in the static analysis. While there are currently no unpatched CVEs and the last vulnerability was in the past, the recurring nature and severity of past issues indicate a persistent struggle with secure coding practices. The presence of a nonce check and capability checks is a positive sign, but their limited application renders them ineffective against the broader attack surface. The plugin's reliance on bundled libraries like Guzzle also requires careful monitoring for their security status.

In conclusion, while the plugin has a history of addressing vulnerabilities and shows some positive signs like prepared SQL statements and limited capability checks, the overwhelming lack of authentication on its numerous AJAX handlers, combined with the prevalence of dangerous functions and unsanitized data flows, creates a critical security risk. The historical pattern of severe vulnerabilities further amplifies this concern. Users of this plugin should be extremely cautious and consider alternative solutions or ensure robust external security measures are in place.

Key Concerns

  • 91 AJAX handlers without auth checks
  • 4 high severity taint flows
  • 34 flows with unsanitized paths
  • 103 dangerous functions used
  • 27% output properly escaped
  • 3 critical CVEs
  • 1 high CVE
  • Vulnerability types: Auth Bypass, Deserialization, SQLi, XSS
  • Only 1 nonce check
  • Only 2 capability checks
  • 55% SQL using prepared statements
Vulnerabilities
7

Backup and Staging by WP Time Capsule Security Vulnerabilities

CVEs by Year

1 CVE in 2020
2020
1 CVE in 2021
2021
4 CVEs in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Critical
3
High
1
Medium
3

7 total CVEs

CVE-2025-47477medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Backup and Staging by WP Time Capsule <= 1.22.23 - Reflected Cross-Site Scripting

Jun 4, 2025 Patched in 1.22.24 (8d)
CVE-2024-8856critical · 9.8Unrestricted Upload of File with Dangerous Type

Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File Upload

Nov 15, 2024 Patched in 1.22.22 (7d)
CVE-2024-49684high · 7.2Deserialization of Untrusted Data

Backup and Staging by WP Time Capsule <= 1.22.21 - Authenticated (Administrator+) PHP Object Injection

Oct 21, 2024 Patched in 1.22.22 (10d)
CVE-2024-48020medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Backup and Staging by WP Time Capsule <= 1.22.21 - Authenticated (Contributor+) SQL Injection

Oct 8, 2024 Patched in 1.22.22 (9d)
CVE-2024-38770critical · 9.8Authentication Bypass Using an Alternate Path or Channel

Backup and Staging by WP Time Capsule <= 1.22.20 - Authentication Bypass to Account Takeover

Jul 13, 2024 Patched in 1.22.21 (28d)
CVE-2021-25035medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Backup and Staging by WP Time Capsule <= 1.22.6 - Reflected Cross-Site Scripting

Dec 21, 2021 Patched in 1.22.7 (763d)
CVE-2020-8771critical · 9.8Authentication Bypass Using an Alternate Path or Channel

Backup and Staging by WP Time Capsule <= 1.21.15 - Authentication Bypass

Jan 14, 2020 Patched in 1.21.16 (1470d)
Code Analysis
Analyzed Mar 16, 2026

Backup and Staging by WP Time Capsule Code Analysis

Dangerous Functions
103
Raw SQL Queries
211
256 prepared
Unescaped Output
160
60 escaped
Nonce Checks
1
Capability Checks
2
File Operations
372
External Requests
15
Bundled Libraries
2

Dangerous Functions Found

unserialize$Ldata = unserialize($rec->log_data, ['allowed_classes' => false]);Classes\ActivityLog.php:210
unserialize$Moredata = unserialize($srec->log_data, ['allowed_classes' => false]);Classes\ActivityLog.php:344
unserialize$limit = unserialize($limit);Classes\AppFunctions\AppFunctions.php:373
unserialize$limit = unserialize($limit);Classes\AppFunctions\AppFunctions.php:392
unserialize$active_plugins = unserialize($active_plugins);Classes\AppFunctions\AppFunctions.php:478
unserialize$active_plugins = unserialize($active_plugins);Classes\AppFunctions\AppFunctions.php:508
unserialize$current = unserialize($current);Classes\AppFunctions\AppFunctions.php:528
unserialize$current = unserialize($current);Classes\AppFunctions\AppFunctions.php:554
unserialize$contents = @unserialize($this->config->get_option('this_cookie'), ['allowed_classes' => false]);Classes\BackupController.php:327
unserialize$unserialized_data = @unserialize($data);Classes\class-replace-db-links.php:459
unserializeif (is_string($data) && ($unserialized = @unserialize($data)) !== false) {Classes\class-replace-db-links.php:513
unserialize$test = @unserialize($data);Classes\class-replace-db-links.php:617
unserialize$prev_data = unserialize($raw_prev_data);Classes\Config.php:189
unserialize$this_arr = unserialize($this_ser);Classes\Config.php:210
unserialize$white_lable_details = unserialize($white_lable_details);Classes\Config.php:688
unserialize$settings = !empty($settings) ? unserialize($settings, ['allowed_classes' => false]) : array();Classes\Config.php:1324
exec$log = @exec($command, $output, $return);Classes\DatabaseBackup.php:729
system$log = @system($command, $return);Classes\DatabaseBackup.php:739
passthru$log = passthru($command, $return);Classes\DatabaseBackup.php:750
unserialize$settings = unserialize($raw_settings, ['allowed_classes' => false]);Classes\ExcludeOption\ExcludeOption.php:1295
unserialize$meta_data_status = unserialize($meta_data_status);Classes\Extension\DefaultOutput.php:130
unserialize$token_arr = unserialize($token_obj, ['allowed_classes' => false]);Classes\GdriveFacade.php:123
unserialize$signed_in_arr = unserialize($signed_in_arr);Classes\InitialSetup\InitialSetup.php:626
unserialize$final_data[$i]['update_details'] = !empty($meta->update_details) ? unserialize($meta->update_detailClasses\Processed\Files.php:1132
unserialize$connected_repos = unserialize($connected_repos_arr);Classes\Settings\Settings.php:240
unserializereturn unserialize($tables_schema);Classes\Triggers\TriggerInit.php:271
unserializereturn unserialize($failed_tables);Classes\Triggers\TriggerInit.php:344
unserialize$contents = @unserialize($options_obj->get_option('this_cookie'));common-functions.php:406
unserialize$unserialized = unserialize($raw);common-functions.php:1165
unserialize$unserialized = unserialize($raw);common-functions.php:1186
unserialize$data = unserialize($data);Google\Cache\File.php:75
unserialize$excluded_list = unserialize($excluded_list);Pro\BackupBeforeUpdate\AutoUpdate.php:206
unserialize$settings = unserialize($settings_serialized, ['allowed_classes' => false]);Pro\BackupBeforeUpdate\AutoUpdateSettings.php:21
unserialize$included_themes = empty($auto_updater_settings['themes']['included']) ? array() : unserialize($autoPro\BackupBeforeUpdate\AutoUpdateSettings.php:229
unserialize$included_plugins = empty($auto_updater_settings['plugins']['included']) ? array() : unserialize($auPro\BackupBeforeUpdate\AutoUpdateSettings.php:248
unserialize$included_plugins = empty($auto_updater_settings['plugins']['included']) ? array() : unserialize($auPro\BackupBeforeUpdate\AutoUpdateSettings.php:306
unserialize$included_themes = empty($auto_updater_settings['themes']['included']) ? array() : unserialize($autoPro\BackupBeforeUpdate\AutoUpdateSettings.php:348
unserialize$settings = unserialize($settings_serialized, ['allowed_classes' => false]);Pro\BackupBeforeUpdate\AutoUpdateSettings.php:537
unserialize$settings = unserialize($settings_serialized, ['allowed_classes' => false]);Pro\BackupBeforeUpdate\AutoUpdateSettings.php:552
unserialize$plugins_included = $this->get_slug_from_array(unserialize($settings['auto_update']['plugins']['inclPro\BackupBeforeUpdate\AutoUpdateSettings.php:582
unserialize$themes_included = unserialize($settings['auto_update']['themes']['included'], ['allowed_classes' =>Pro\BackupBeforeUpdate\AutoUpdateSettings.php:590
unserialize$settings = unserialize($settings_serialized, ['allowed_classes' => false]);Pro\BackupBeforeUpdate\AutoUpdateSettings.php:630
unserialize$items = unserialize($items, ['allowed_classes' => false]);Pro\BackupBeforeUpdate\AutoUpdateSettings.php:640
unserialize$settings = unserialize($settings_serialized, ['allowed_classes' => false]);Pro\BackupBeforeUpdate\AutoUpdateSettings.php:675
unserialize$list = unserialize($current_list);Pro\BackupBeforeUpdate\AutoUpdateSettings.php:702
unserialize$existing_plugins_list = !empty($settings['update_settings']['plugins']['included']) ? unserialize($Pro\BackupBeforeUpdate\AutoUpdateSettings.php:759
unserialize$existing_themes_list = !empty($settings['update_settings']['themes']['included']) ? unserialize($sePro\BackupBeforeUpdate\AutoUpdateSettings.php:805
unserializereturn empty($data) ? false : unserialize($data);Pro\BackupBeforeUpdate\HooksHandler.php:162
unserialize$upgrade_details = unserialize($raw_upgrade_details);Pro\BackupBeforeUpdate\init.php:166
unserialize$upgrade_responses = unserialize($raw_data, ['allowed_classes' => false]);Pro\BackupBeforeUpdate\init.php:343
unserialize$list = unserialize($raw_list);Pro\BackupBeforeUpdate\init.php:918
unserialize$upgrade_details = unserialize($raw_upgrade_details);Pro\BackupBeforeUpdate\init.php:944
unserialize$update_response_details = unserialize($raw_update_response_details, ['allowed_classes' => false]);Pro\BackupBeforeUpdate\init.php:986
unserialize$bulk_update_request = unserialize($raw_bulk_update_request, ['allowed_classes' => false]);Pro\BackupBeforeUpdate\init.php:1574
unserializereturn unserialize($raw_data);Pro\RestoreToStaging\init.php:55
unserialize$update_details = unserialize($result->update_details, ['allowed_classes' => false]);Pro\Rollback\init.php:79
unserialize$this->params = unserialize(base64_decode($this->params['data']), ['allowed_classes' => false]);Pro\Staging\bridge\bridge.php:45
unserialize$unserialized_response = @unserialize($decode_data);Pro\Staging\class-update-in-staging.php:38
unserialize$upgrade_details = unserialize($raw_upgrade_details, ['allowed_classes' => false]);Pro\Staging\class-update-in-staging.php:85
unserialize$unserialized_details = unserialize($serialized_details, ['allowed_classes' => false]);Pro\Staging\init.php:120
unserialize$tables = @unserialize($raw_result);Pro\Staging\init.php:1044
unserialize$tables = @unserialize($raw_result, ['allowed_classes' => false]);Pro\Staging\stage-to-live\includes\class-stage-to-live.php:284
unserialize$is_wptc_request = @unserialize(base64_decode($_REQUEST['data']), ['allowed_classes' => false]);Pro\Staging\stage-to-live\includes\class-stage-to-live.php:808
unserialize$this->settings = unserialize($data);Pro\Staging\stage-to-live\includes\class-staging-white-label.php:64
unserialize$settings = unserialize($settings_serialized, ['allowed_classes' => false]);Pro\Vulns\init.php:273
unserialize$excluded_themes = empty($vulns_settings['themes']['excluded']) ? array() : unserialize($vulns_settiPro\Vulns\init.php:286
unserialize$excluded_plugins = empty($vulns_settings['plugins']['excluded']) ? array() : unserialize($vulns_setPro\Vulns\init.php:309
unserialize$excluded_themes = empty($vulns_settings['themes']['excluded']) ? array() : unserialize($vulns_settiPro\Vulns\init.php:381
unserialize$excluded_plugins = empty($vulns_settings['plugins']['excluded']) ? array() : unserialize($vulns_setPro\Vulns\init.php:382
unserialize$this->settings = unserialize($data);Pro\WhiteLabel\init.php:37
shell_exec$json = shell_exec($credentialProcess);S3\awswptc\aws-sdk-php\src\Credentials\CredentialProvider.php:630
unserializeunserialize($serialized['client'])S3_BWC\aws\aws-sdk-php\src\AwsWPTC\Common\Credentials\RefreshableInstanceProfileCredentials.php:73
unserialize$data = unserialize($serialized);S3_BWC\aws\aws-sdk-php\src\AwsWPTC\Common\Model\MultipartUpload\AbstractTransferState.php:155
unserialize$this->loadData(unserialize($serialized));S3_BWC\aws\aws-sdk-php\src\AwsWPTC\Common\Model\MultipartUpload\AbstractUploadId.php:68
unserialize$this->loadData(unserialize($serialized));S3_BWC\aws\aws-sdk-php\src\AwsWPTC\Common\Model\MultipartUpload\AbstractUploadPart.php:81
passthrupassthru($cmd, $retval);S3_BWC\guzzle\guzzle\phing\tasks\ComposerLintTask.php:96
execexec($cmd, $out, $retval);S3_BWC\guzzle\guzzle\phing\tasks\ComposerLintTask.php:103
execexec('which composer', $out);S3_BWC\guzzle\guzzle\phing\tasks\ComposerLintTask.php:143
passthrupassthru('aws s3 sync s3://pear.guzzlephp.org ./channel');S3_BWC\guzzle\guzzle\phing\tasks\GuzzlePearPharPackageTask.php:112
passthrupassthru('pirum add ./channel ' . $file);S3_BWC\guzzle\guzzle\phing\tasks\GuzzlePearPharPackageTask.php:117
passthrupassthru('aws s3 sync . s3://pear.guzzlephp.org');S3_BWC\guzzle\guzzle\phing\tasks\GuzzlePearPharPackageTask.php:128
passthrupassthru($cmd);S3_BWC\guzzle\guzzle\phing\tasks\GuzzleSubSplitTask.php:215
passthrupassthru('php ../composer.phar update --dev');S3_BWC\guzzle\guzzle\phing\tasks\GuzzleSubSplitTask.php:234
passthrupassthru('php ../composer.phar install --dev');S3_BWC\guzzle\guzzle\phing\tasks\GuzzleSubSplitTask.php:260
passthrupassthru("git checkout '$head'");S3_BWC\guzzle\guzzle\phing\tasks\GuzzleSubSplitTask.php:289
passthrupassthru("git checkout master");S3_BWC\guzzle\guzzle\phing\tasks\GuzzleSubSplitTask.php:312
unserializeforeach (unserialize($manifest) as $entry) {S3_BWC\guzzle\guzzle\src\Guzzle\Plugin\Cache\DefaultCacheStorage.php:72
unserializeforeach (unserialize($entries) as $entry) {S3_BWC\guzzle\guzzle\src\Guzzle\Plugin\Cache\DefaultCacheStorage.php:107
unserialize$entries = unserialize($entries);S3_BWC\guzzle\guzzle\src\Guzzle\Plugin\Cache\DefaultCacheStorage.php:132
unserialize$plans = unserialize($plans, ['allowed_classes' => false]);Views\wptc-plans.php:284
unserialize$return_array['wptc_own_cron_status'] = unserialize($cron_status);Views\wptc-progress.php:48
unserialize$fieldParams = unserialize($fieldParams, ['allowed_classes' => false]);wp-tcapsule-bridge\pclzip.class.php:692
execexec($cmd, $output, $error);wp-tcapsule-bridge\upload\php\UploadHandler.php:1002
execexec($cmd, $output, $error);wp-tcapsule-bridge\upload\php\UploadHandler.php:1028
unserialize$data = unserialize($data, ['allowed_classes' => false]);wp-tcapsule-bridge\wptc-ajax.php:232
unserialize$files_to_restore_tmp = unserialize($selected_files_temp_restore, ['allowed_classes' => false]);wp-tcapsule-bridge\wptc-ajax.php:793
unserializeif ( is_string( $data ) && ( $unserialized = @unserialize( $data ) ) !== false ) {wp-tcapsule-bridge\wptc-restore-app-functions.php:888
unserialize$tables = @unserialize($raw_result);wp-tcapsule-bridge\wptc-restore-app-functions.php:1294
unserialize$cron_status = unserialize($cron_status);wp-time-capsule.php:737
unserialize$contents = @unserialize($options->get_option('this_cookie'), ['allowed_classes' => false]);wp-time-capsule.php:816
unserialize$refresh_token_arr = unserialize(wp_unslash($_POST['credsData']['g_drive_refresh_token']), ['allowedwp-time-capsule.php:2538
unserialize$cron_status = unserialize($cron_status);wp-time-capsule.php:3270
unserialize$notice = unserialize($notice, ['allowed_classes' => false]);wp-time-capsule.php:3589

Bundled Libraries

GuzzlejQuery

SQL Query Safety

55% prepared467 total queries

Output Escaping

27% escaped220 total outputs
Data Flows
34 unsanitized

Data Flow Analysis

25 flows34 with unsanitized paths
verify_ajax_requests (Classes\AppFunctions\AppFunctions.php:227)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
91 unprotected

Backup and Staging by WP Time Capsule Attack Surface

Entry Points91
Unprotected91

AJAX Handlers 91

authwp_ajax_wptc_get_root_filesClasses\ExcludeOption\Hooks.php:22
authwp_ajax_wptc_get_init_root_filesClasses\ExcludeOption\Hooks.php:23
authwp_ajax_wptc_get_init_files_by_keyClasses\ExcludeOption\Hooks.php:24
authwp_ajax_wptc_get_files_by_keyClasses\ExcludeOption\Hooks.php:25
authwp_ajax_wptc_get_tablesClasses\ExcludeOption\Hooks.php:26
authwp_ajax_wptc_get_init_tablesClasses\ExcludeOption\Hooks.php:27
authwp_ajax_exclude_file_list_wptcClasses\ExcludeOption\Hooks.php:28
authwp_ajax_include_file_list_wptcClasses\ExcludeOption\Hooks.php:29
authwp_ajax_exclude_table_list_wptcClasses\ExcludeOption\Hooks.php:30
authwp_ajax_include_table_list_wptcClasses\ExcludeOption\Hooks.php:31
authwp_ajax_include_table_structure_only_wptcClasses\ExcludeOption\Hooks.php:32
authwp_ajax_analyze_inc_exc_lists_wptcClasses\ExcludeOption\Hooks.php:33
authwp_ajax_exclude_all_suggested_items_wptcClasses\ExcludeOption\Hooks.php:34
authwp_ajax_get_all_excluded_files_wptcClasses\ExcludeOption\Hooks.php:35
authwp_ajax_clear_bbu_notes_wptcPro\BackupBeforeUpdate\Hooks.php:21
authwp_ajax_get_installed_plugins_wptcPro\BackupBeforeUpdate\Hooks.php:22
authwp_ajax_get_installed_themes_wptcPro\BackupBeforeUpdate\Hooks.php:23
authwp_ajax_save_bbu_settings_wptcPro\BackupBeforeUpdate\Hooks.php:24
authwp_ajax_init_restore_to_staging_wptcPro\RestoreToStaging\Hooks.php:23
authwp_ajax_get_previous_versions_wptcPro\Rollback\Hooks.php:23
authwp_ajax_screenshot_save_wptcPro\Screenshot\Screenshot.php:62
noprivwp_ajax_screenshot_save_wptcPro\Screenshot\Screenshot.php:63
authwp_ajax_att_settings_save_wptcPro\Screenshot\Screenshot.php:64
noprivwp_ajax_att_settings_save_wptcPro\Screenshot\Screenshot.php:65
authwp_ajax_prefill_scrn_shot_settings_wptcPro\Screenshot\Screenshot.php:66
noprivwp_ajax_prefill_scrn_shot_settings_wptcPro\Screenshot\Screenshot.php:67
authwp_ajax_start_fresh_staging_wptcPro\Staging\Hooks.php:19
authwp_ajax_copy_staging_wptcPro\Staging\Hooks.php:20
authwp_ajax_continue_staging_wptcPro\Staging\Hooks.php:21
authwp_ajax_delete_staging_wptcPro\Staging\Hooks.php:22
authwp_ajax_get_staging_details_wptcPro\Staging\Hooks.php:23
authwp_ajax_stop_staging_wptcPro\Staging\Hooks.php:24
authwp_ajax_is_staging_need_request_wptcPro\Staging\Hooks.php:25
authwp_ajax_get_staging_url_wptcPro\Staging\Hooks.php:27
authwp_ajax_save_upgrade_meta_in_staging_wptcPro\Staging\Hooks.php:28
authwp_ajax_save_staging_settings_wptcPro\Staging\Hooks.php:29
authwp_ajax_force_update_in_staging_wptcPro\Staging\Hooks.php:30
authwp_ajax_get_staging_current_status_key_wptcPro\Staging\Hooks.php:31
authwp_ajax_wptc_copy_stage_to_livePro\Staging\stage-to-live\wp-time-capsule-staging.php:133
authwp_ajax_wptc_get_root_filesPro\Staging\stage-to-live\wp-time-capsule-staging.php:138
authwp_ajax_wptc_get_files_by_keyPro\Staging\stage-to-live\wp-time-capsule-staging.php:139
authwp_ajax_wptc_get_tablesPro\Staging\stage-to-live\wp-time-capsule-staging.php:140
authwp_ajax_exclude_file_list_wptcPro\Staging\stage-to-live\wp-time-capsule-staging.php:141
authwp_ajax_include_file_list_wptcPro\Staging\stage-to-live\wp-time-capsule-staging.php:142
authwp_ajax_exclude_table_list_wptcPro\Staging\stage-to-live\wp-time-capsule-staging.php:143
authwp_ajax_include_table_list_wptcPro\Staging\stage-to-live\wp-time-capsule-staging.php:144
authwp_ajax_include_table_structure_only_wptcPro\Staging\stage-to-live\wp-time-capsule-staging.php:145
authwp_ajax_save_vulns_settings_wptcPro\Vulns\Hooks.php:22
authwp_ajax_get_installed_plugins_vulns_wptcPro\Vulns\Hooks.php:23
authwp_ajax_get_installed_themes_vulns_wptcPro\Vulns\Hooks.php:24
authwp_ajax_progress_wptcwp-time-capsule.php:2339
authwp_ajax_get_this_day_backups_wptcwp-time-capsule.php:2340
authwp_ajax_get_sibling_files_wptcwp-time-capsule.php:2341
authwp_ajax_get_in_progress_backup_wptcwp-time-capsule.php:2342
authwp_ajax_start_backup_tc_wptcwp-time-capsule.php:2343
authwp_ajax_store_name_for_this_backup_wptcwp-time-capsule.php:2344
authwp_ajax_start_fresh_backup_tc_wptcwp-time-capsule.php:2345
authwp_ajax_stop_fresh_backup_tc_wptcwp-time-capsule.php:2346
authwp_ajax_stop_restore_tc_wptcwp-time-capsule.php:2347
authwp_ajax_start_restore_tc_wptcwp-time-capsule.php:2348
authwp_ajax_send_issue_report_wptcwp-time-capsule.php:2349
authwp_ajax_clear_wptc_logswp-time-capsule.php:2350
authwp_ajax_continue_with_wtcwp-time-capsule.php:2351
authwp_ajax_get_dropbox_authorize_url_wptcwp-time-capsule.php:2352
authwp_ajax_get_g_drive_authorize_url_wptcwp-time-capsule.php:2353
authwp_ajax_get_s3_authorize_url_wptcwp-time-capsule.php:2354
authwp_ajax_get_wasabi_authorize_url_wptcwp-time-capsule.php:2355
authwp_ajax_get_backblaze_authorize_url_wptcwp-time-capsule.php:2356
authwp_ajax_change_wptc_default_repowp-time-capsule.php:2357
authwp_ajax_plugin_update_notice_wptcwp-time-capsule.php:2358
authwp_ajax_lazy_load_activity_log_wptcwp-time-capsule.php:2359
authwp_ajax_update_sycn_db_view_wptcwp-time-capsule.php:2360
authwp_ajax_save_initial_setup_data_wptcwp-time-capsule.php:2361
authwp_ajax_test_connection_wptc_cronwp-time-capsule.php:2362
authwp_ajax_save_general_settings_wptcwp-time-capsule.php:2363
authwp_ajax_save_advanced_settings_wptcwp-time-capsule.php:2364
authwp_ajax_save_backup_settings_wptcwp-time-capsule.php:2365
authwp_ajax_resume_backup_wptcwp-time-capsule.php:2366
authwp_ajax_proceed_to_pay_wptcwp-time-capsule.php:2367
authwp_ajax_save_manual_backup_name_wptcwp-time-capsule.php:2368
authwp_ajax_clear_show_users_backend_errors_wptcwp-time-capsule.php:2369
authwp_ajax_make_this_fresh_site_wptcwp-time-capsule.php:2370
authwp_ajax_make_this_original_site_wptcwp-time-capsule.php:2371
authwp_ajax_login_request_wptcwp-time-capsule.php:2372
authwp_ajax_wptc_sync_purchasewp-time-capsule.php:2373
authwp_ajax_decrypt_file_wptcwp-time-capsule.php:2374
authwp_ajax_clear_all_decrypt_files_wptcwp-time-capsule.php:2375
authwp_ajax_get_check_to_show_dialog_wptcwp-time-capsule.php:2376
authwp_ajax_prepare_file_upload_index_file_wptcwp-time-capsule.php:2377
authwp_ajax_delete_file_upload_index_file_wptcwp-time-capsule.php:2378
authwp_ajax_clear_upgrade_after_backup_flags_wptcwp-time-capsule.php:2379
WordPress Hooks 165
actionjust_initialized_wptc_hBase\Hooks.php:26
actionstarting_fresh_new_backup_pre_wptc_hClasses\Analytics\Hooks.php:26
actionjust_starting_main_schedule_backup_wptc_hClasses\Analytics\Hooks.php:27
actioninside_monitor_backup_pre_wptc_hClasses\Analytics\Hooks.php:28
actionjust_completed_first_backup_wptc_hClasses\Analytics\Hooks.php:29
actionjust_completed_not_first_backup_wptc_hClasses\Analytics\Hooks.php:30
actionsend_basic_analyticsClasses\Analytics\Hooks.php:31
actionsend_database_sizeClasses\Analytics\Hooks.php:32
actionreset_statsClasses\Analytics\Hooks.php:33
actionsend_backups_data_to_server_wptcClasses\Analytics\Hooks.php:34
actionsend_ptc_list_to_server_wptcClasses\Analytics\Hooks.php:35
actionsend_server_info_wptcClasses\Analytics\Hooks.php:36
actionupgrader_process_completeClasses\Analytics\Hooks.php:39
actiondeleted_pluginClasses\Analytics\Hooks.php:41
actiondelete_site_transient_update_themesClasses\Analytics\Hooks.php:43
actionsend_ip_address_to_server_wptcClasses\Analytics\Hooks.php:44
actionsend_report_data_wptcClasses\Analytics\Hooks.php:45
actioninitClasses\plugin.compatibility.class.php:33
filtericwp-wpsf-visitor_is_whitelistedClasses\plugin.compatibility.class.php:41
actioninitClasses\plugin.compatibility.class.php:49
actioninitClasses\plugin.compatibility.class.php:65
filteradmin_footer_textClasses\Settings\Hooks.php:26
filterupdate_footerClasses\Settings\Hooks.php:27
filtersave_settings_revision_limit_wptcClasses\Settings\Hooks.php:34
actionadd_query_filter_wptcPro\AutoBackup\Hooks.php:42
actionstart_auto_backup_wptcPro\AutoBackup\Hooks.php:43
actionrefresh_realtime_tmp_wptcPro\AutoBackup\Hooks.php:44
actionadd_realtime_trigger_wptcPro\AutoBackup\Hooks.php:45
actionremove_realtime_trigger_wptcPro\AutoBackup\Hooks.php:46
filteris_auto_backup_running_wptcPro\AutoBackup\Hooks.php:50
filteris_realtime_partial_db_backup_wptcPro\AutoBackup\Hooks.php:51
filterget_realtime_partial_db_file_wptcPro\AutoBackup\Hooks.php:52
filterget_backup_slots_wptcPro\AutoBackup\Hooks.php:53
filtercheck_requirements_auto_backup_wptcPro\AutoBackup\Hooks.php:54
filtervalidate_auto_backup_wptcPro\AutoBackup\Hooks.php:55
filteradd_hide_dirs_wptcPro\AutoBackup\Hooks.php:56
filterget_realtime_dir_wptcPro\AutoBackup\Hooks.php:57
filterget_realtime_restore_to_latest_button_wptcPro\AutoBackup\Hooks.php:58
filteris_realtime_valid_query_file_wptcPro\AutoBackup\Hooks.php:59
filteris_realtime_enabled_wptcPro\AutoBackup\Hooks.php:60
filterget_realtime_full_backup_needed_tables_wptcPro\AutoBackup\Hooks.php:61
filtersend_core_update_notification_emailPro\BackupBeforeUpdate\Hooks.php:28
filterauto_update_corePro\BackupBeforeUpdate\Hooks.php:36
filterauto_update_themePro\BackupBeforeUpdate\Hooks.php:37
filterauto_update_pluginPro\BackupBeforeUpdate\Hooks.php:38
filterauto_update_translationPro\BackupBeforeUpdate\Hooks.php:39
filterplugins_auto_update_enabledPro\BackupBeforeUpdate\Hooks.php:41
filterthemes_auto_update_enabledPro\BackupBeforeUpdate\Hooks.php:42
actionjust_initialized_fresh_backup_wptc_hPro\BackupBeforeUpdate\Hooks.php:51
actiondo_ptc_upgrades_wptcPro\BackupBeforeUpdate\Hooks.php:52
actionadmin_enqueue_scriptsPro\BackupBeforeUpdate\Hooks.php:53
actioninstall_actions_wptcPro\BackupBeforeUpdate\Hooks.php:54
actionprocess_auto_updates_wptcPro\BackupBeforeUpdate\Hooks.php:55
actionturn_off_auto_update_wptcPro\BackupBeforeUpdate\Hooks.php:56
actionauto_update_failed_email_user_wptcPro\BackupBeforeUpdate\Hooks.php:57
actionturn_off_themes_auto_updates_wptcPro\BackupBeforeUpdate\Hooks.php:58
actioncheck_auto_updates_wptcPro\BackupBeforeUpdate\Hooks.php:59
actioncheck_any_upgrades_available_wptcPro\BackupBeforeUpdate\Hooks.php:60
actionupgrader_process_completePro\BackupBeforeUpdate\Hooks.php:63
actionupdate_bulk_auto_update_settings_wptcPro\BackupBeforeUpdate\Hooks.php:64
filterpage_settings_content_wptcPro\BackupBeforeUpdate\Hooks.php:68
filterhttp_request_argsPro\BackupBeforeUpdate\Hooks.php:69
filterupgrader_package_optionsPro\BackupBeforeUpdate\Hooks.php:71
filterget_backup_before_update_setting_wptcPro\BackupBeforeUpdate\Hooks.php:72
filterget_bbu_note_viewPro\BackupBeforeUpdate\Hooks.php:73
filteris_upgrade_in_progress_wptcPro\BackupBeforeUpdate\Hooks.php:74
filterbackup_and_update_wptcPro\BackupBeforeUpdate\Hooks.php:75
filterpage_settings_tab_wptcPro\BackupBeforeUpdate\Hooks.php:76
filtermodify_settings_to_server_wptcPro\BackupBeforeUpdate\Hooks.php:77
filterget_auto_updates_wptcPro\BackupBeforeUpdate\Hooks.php:78
filteris_upgrade_request_wptcPro\BackupBeforeUpdate\Hooks.php:79
actionwp_loadedPro\BackupBeforeUpdate\HooksHandler.php:258
actionwp_loadedPro\BackupBeforeUpdate\HooksHandler.php:259
actionwp_loadedPro\BackupBeforeUpdate\HooksHandler.php:336
actionwp_loadedPro\BackupBeforeUpdate\HooksHandler.php:337
actionjust_initialized_wptc_hPro\Hooks.php:18
filterget_on_demand_backuo_option_wptcPro\OnDemandBackup\Hooks.php:32
actionadmin_enqueue_scriptsPro\RestoreToStaging\Hooks.php:22
filterget_restore_to_staging_button_wptcPro\RestoreToStaging\Hooks.php:35
filteris_restore_to_staging_wptcPro\RestoreToStaging\Hooks.php:36
actionget_restore_to_staging_request_wptcPro\RestoreToStaging\Hooks.php:37
actionupdate_eligible_revision_limit_wptcPro\RevisionLimit\Hooks.php:18
actionset_revision_limit_wptcPro\RevisionLimit\Hooks.php:19
filterget_current_revision_limit_wptcPro\RevisionLimit\Hooks.php:23
filterget_eligible_revision_limit_wptcPro\RevisionLimit\Hooks.php:24
filterget_days_show_from_revision_limits_wptcPro\RevisionLimit\Hooks.php:25
actionadmin_enqueue_scriptsPro\Rollback\Hooks.php:22
filterplugin_action_linksPro\Rollback\Hooks.php:27
actiontake_screenshot_wptcPro\Screenshot\Hooks.php:28
actionflush_screenshot_flags_wptcPro\Screenshot\Hooks.php:29
actionwp_enqueue_scriptsPro\Screenshot\Screenshot.php:61
actionadd_additional_sub_menus_wptc_hPro\Staging\Hooks.php:43
actioninit_staging_wptc_hPro\Staging\Hooks.php:44
actionadd_staging_req_hPro\Staging\Hooks.php:45
actionsend_response_node_staging_wptc_hPro\Staging\Hooks.php:46
actionadmin_enqueue_scriptsPro\Staging\Hooks.php:47
actionstaging_view_wptcPro\Staging\Hooks.php:48
actionis_staging_taken_wptcPro\Staging\Hooks.php:49
actionupgrade_our_staging_plugin_wptcPro\Staging\Hooks.php:50
filteris_any_staging_process_going_onPro\Staging\Hooks.php:54
filterget_internal_staging_db_prefixPro\Staging\Hooks.php:55
filterpage_settings_tab_wptcPro\Staging\Hooks.php:56
filterpage_settings_content_wptcPro\Staging\Hooks.php:57
filterprocess_staging_details_hook_wptcPro\Staging\Hooks.php:58
filterset_options_to_staging_site_wptcPro\Staging\Hooks.php:59
filterplugin_row_metaPro\Staging\stage-to-live\includes\class-staging-white-label.php:40
filtersite_transient_update_pluginsPro\Staging\stage-to-live\includes\class-staging-white-label.php:43
filteradmin_urlPro\Staging\stage-to-live\includes\class-staging-white-label.php:46
filterall_pluginsPro\Staging\stage-to-live\includes\class-staging-white-label.php:49
actionwp_enqueue_scriptsPro\Staging\stage-to-live\wp-time-capsule-staging.php:128
actionadmin_enqueue_scriptsPro\Staging\stage-to-live\wp-time-capsule-staging.php:130
actionwp_before_admin_bar_renderPro\Staging\stage-to-live\wp-time-capsule-staging.php:131
actioninitPro\Staging\stage-to-live\wp-time-capsule-staging.php:132
filterthe_contentPro\Staging\stage-to-live\wp-time-capsule-staging.php:134
actionadmin_initPro\Staging\stage-to-live\wp-time-capsule-staging.php:150
actionnetwork_admin_menuPro\Staging\stage-to-live\wp-time-capsule-staging.php:185
actionadmin_menuPro\Staging\stage-to-live\wp-time-capsule-staging.php:188
actionadmin_enqueue_scriptsPro\Staging\stage-to-live\wp-time-capsule-staging.php:265
actionadmin_enqueue_scriptsPro\Vulns\Hooks.php:25
actionupdate_bulk_vulnerable_settings_wptcPro\Vulns\Hooks.php:26
filterget_format_vulns_settings_to_send_server_wptcPro\Vulns\Hooks.php:30
filterpage_settings_tab_wptcPro\Vulns\Hooks.php:31
filterpage_settings_content_wptcPro\Vulns\Hooks.php:32
filteris_vulns_checker_request_wptcPro\Vulns\Hooks.php:33
actioncheck_vulns_updates_wptcPro\Vulns\Hooks.php:37
actionwp_loadedPro\Vulns\HooksHandler.php:175
actionwp_loadedPro\Vulns\HooksHandler.php:176
actionadmin_initPro\WhiteLabel\Hooks.php:24
actionadmin_menuPro\WhiteLabel\Hooks.php:27
filtershow_advanced_pluginsPro\WhiteLabel\Hooks.php:29
actionupdate_white_labling_settings_wptcPro\WhiteLabel\Hooks.php:32
actionset_user_to_access_wl_wptcPro\WhiteLabel\Hooks.php:34
actionadd_pages_wl_wptcPro\WhiteLabel\Hooks.php:36
filtermodify_settings_to_server_wptcPro\WhiteLabel\Hooks.php:38
filterplugin_row_metaPro\WhiteLabel\Hooks.php:60
filtersite_transient_update_pluginsPro\WhiteLabel\Hooks.php:63
filteradmin_urlPro\WhiteLabel\Hooks.php:66
filterall_pluginsPro\WhiteLabel\Hooks.php:69
filtersite_transient_update_pluginsPro\WhiteLabel\Hooks.php:87
filterplugin_action_linksPro\WhiteLabel\Hooks.php:93
filtervalidate_users_access_wptcPro\WhiteLabel\Hooks.php:98
filteris_whitelabling_override_wptcPro\WhiteLabel\Hooks.php:103
filteris_whitelabling_active_wptcPro\WhiteLabel\Hooks.php:104
filterhide_this_option_wl_wptcPro\WhiteLabel\Hooks.php:105
filteris_general_tab_allowed_wptcPro\WhiteLabel\Hooks.php:106
filteris_staging_tab_allowed_wptcPro\WhiteLabel\Hooks.php:107
filteris_backup_tab_allowed_wptcPro\WhiteLabel\Hooks.php:108
actionwptc_trigger_truncate_cron_hookwp-time-capsule.php:281
actioninitwp-time-capsule.php:297
actionplugins_loadedwp-time-capsule.php:1485
actioninitwp-time-capsule.php:1985
actionadmin_enqueue_scriptswp-time-capsule.php:2284
actionadmin_enqueue_scriptswp-time-capsule.php:2286
actionnetwork_admin_noticeswp-time-capsule.php:2328
actionadmin_noticeswp-time-capsule.php:2330
actionadmin_enqueue_scriptswp-time-capsule.php:2333
actionload-index.phpwp-time-capsule.php:2336
actionnetwork_admin_menuwp-time-capsule.php:2382
actionadmin_menuwp-time-capsule.php:2383
actionadmin_menuwp-time-capsule.php:2385
actionnetwork_admin_noticeswp-time-capsule.php:2475
actionadmin_noticeswp-time-capsule.php:2477
actionset_site_transient_update_corewp-time-capsule.php:3860
actionplugins_loadedwptc-cron-functions.php:15
actionsetup_themewptc-cron-functions.php:16

Scheduled Events 1

wptc_trigger_truncate_cron_hook
Maintenance & Trust

Backup and Staging by WP Time Capsule Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 22, 2025
PHP min version
Downloads1.5M

Community Trust

Rating82/100
Number of ratings125
Active installs20K
Alternatives

Backup and Staging by WP Time Capsule Alternatives

Backup Migration

Backup Migration

backup-backup

B
77

Backup Migration

100K 12 CVEs
WP STAGING – WordPress Backup, Restore & Migration

WP STAGING – WordPress Backup, Restore & Migration

wp-staging

A
95

Backup, restore, staging, and migration for WordPress. Create full-site backups and test updates safely.

100K 4 CVEs
BlogVault Backup & Staging

BlogVault Backup & Staging

blogvault-real-time-backup

A
99

Secure incremental backups with staging, migration, and one-click restore for WordPress. Offsite storage and easy recovery.

80K 1 CVE
UpdraftPlus: WP Backup & Migration Plugin

UpdraftPlus: WP Backup & Migration Plugin

updraftplus

A
90

Backup, restore or migrate your WordPress website to another host or domain. Schedule backups or run manually. Migrate in minutes.

3.0M 14 CVEs
Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More

Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More

duplicator

A
87

The best WordPress backup and migration plugin. Quickly and easily backup ,migrate, copy, move, or clone your site from one location to another.

1.0M 15 CVEs
Developer Profile

Backup and Staging by WP Time Capsule Developer Profile

revmakx

6 plugins · 224K total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
704 days
View full developer profile
Detection Fingerprints

How We Detect Backup and Staging by WP Time Capsule

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-time-capsule/app/time-capsule.js/wp-content/plugins/wp-time-capsule/app/common.js/wp-content/plugins/wp-time-capsule/app/bootstrap.js/wp-content/plugins/wp-time-capsule/app/directives.js/wp-content/plugins/wp-time-capsule/app/main.js/wp-content/plugins/wp-time-capsule/css/time-capsule.css
Script Paths
/wp-content/plugins/wp-time-capsule/app/time-capsule.js/wp-content/plugins/wp-time-capsule/app/common.js/wp-content/plugins/wp-time-capsule/app/bootstrap.js/wp-content/plugins/wp-time-capsule/app/directives.js/wp-content/plugins/wp-time-capsule/app/main.js
Version Parameters
wp-time-capsule/app/time-capsule.js?ver=wp-time-capsule/app/common.js?ver=wp-time-capsule/app/bootstrap.js?ver=wp-time-capsule/app/directives.js?ver=wp-time-capsule/app/main.js?ver=wp-time-capsule/css/time-capsule.css?ver=

HTML / DOM Fingerprints

CSS Classes
wptc-nav-tabswptc-modal-bodywptc-modal-titlewptc-modal-footer
HTML Comments
<!-- WPTC: BACKUP --><!-- WPTC: START BACKUP --><!-- WPTC: START RESTORE --><!-- WPTC: START SCHEDULE -->+2 more
Data Attributes
wptc-login-btnwptc-nav-tab
JS Globals
WPTC_APP_SETTINGSwptc_app_settings
REST Endpoints
/wp-json/wp-time-capsule/v1/settings/wp-json/wp-time-capsule/v1/backup
FAQ

Frequently Asked Questions about Backup and Staging by WP Time Capsule