CVE-2021-25035

medium

Description

The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

References

https://wpscan.com/vulnerability/f426360e-5ba0-4d6b-bfd4-61bc54be3469

https://plugins.trac.wordpress.org/changeset/2641264

Details

Source: Mitre, NVD

Published: 2022-01-24

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N