CyberRota
← Ana sayfaya dön

CVE-2026-8996

MEDIUM · CVSS 6.5 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-09T08:16:49.620 · Çekilme zamanı: 2026-07-09T12:07:33.856235+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Tespit Edilen Sinyaller
exploit

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-8996
Severity
MEDIUM
CVSS
6.5
EPSS
Yok
WordPress

Orijinal NVD Açıklaması

The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 via the download_recent_decrypted_file_wptc. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract download the most recently admin-decrypted SQL database backup, which typically contains password hashes, user credentials, and other sensitive site configuration data stored in the 'recent_decrypted_file' option. Exploitation requires that an administrator has previously performed a decrypt action, causing the decrypted SQL backup file to exist in the plugin's upload directory; without this prior admin action, there is no file to serve.