[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fAjRgvCiXkQWDyFaazmwMKVWq1RKND5K5U9kqwg5JIXQ":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2024-38770","backup-and-staging-by-wp-time-capsule-authentication-bypass-to-account-takeover","Backup and Staging by WP Time Capsule \u003C= 1.22.20 - Authentication Bypass to Account Takeover","The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.22.20. This is due to wptc_decode_auth_token() function using a loose comparison. This makes it possible for unauthenticated attackers to bypass authentication and access user accounts, including those that may have administrative access. This vulnerability does require a site to have a connection to wptimecapsule.com in order to be exploited.","wp-time-capsule",null,"\u003C=1.22.20","1.22.21","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Authentication Bypass Using an Alternate Path or Channel","2024-07-13 00:00:00","2024-08-09 21:17:00",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbb00eae9-645d-4827-b691-2408fd24aa75?source=api-prod",28]