CVE-2020-36848

High CVSS: 7.5

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to find the location of back-up files and subsequently download them.

Vendor

Boldgrid

Product

Total Upkeep

CWE

CWE-200

Yayın Tarihi

2025-07-12 12:15:24

Güncelleme

2025-07-29 20:38:40

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-200 Total Upkeep HIGH Boldgrid 2025

Referanslar

https://plugins.trac.wordpress.org/changeset/2439376/boldgrid-backup https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/wp_total_upkeep_downloader.rb https://wpscan.com/vulnerability/d35c19d9-8586-4c5b-9a01-44739cbeee19/ https://www.wordfence.com/threat-intel/vulnerabilities/id/86a5adaf-02b7-4b42-a048-8bc01f07656b?source=cve

Benzer Kayıtlar

High

CVE-2025-2257

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remo…

Medium

CVE-2024-13907

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Serv…

Medium

CVE-2025-0859

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal…

Medium

CVE-2025-22759

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and…

High

CVE-2024-12365

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check o…

Medium

CVE-2024-12006

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability c…