"WP Time Capsule Plugin Update Urged After Critical Security Flaw"

Security researchers at Patchstack recently found a new vulnerability in the Backup and Staging by WP Time Capsule plugin, affecting versions 1.22.20 and below. The researchers noted that the WordPress plugin, with over 20,000 active installations, provides website backups and update management through cloud-native file versioning systems. The flaw allowed unauthorized users to exploit a broken authentication mechanism, potentially gaining administrative access to affected sites. The researchers said the issue was reported to the plugin developers on July 3, who responded swiftly by releasing version 1.22.20 within six hours of notification to mitigate the initial vulnerability. However, it was later noted that the initial patch was only partially effective, as the comparison method used in the fix could still be circumvented. Version 1.22.21 was subsequently released on July 12, incorporating a more robust security fix that adds further hash comparisons to prevent exploitation.


Infosecurity Magazine reports: "WP Time Capsule Plugin Update Urged After Critical Security Flaw"

Submitted by Adam Ekwall on