CVE-2024-13907

Medium CVSS: 4.9

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the 'download' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Vendor

Boldgrid

Product

Total Upkeep

CWE

CWE-918

Yayın Tarihi

2025-02-27 07:15:33

Güncelleme

2025-03-11 16:26:05

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-918 Total Upkeep MEDIUM Boldgrid 2025

Referanslar

https://plugins.trac.wordpress.org/browser/boldgrid-backup/trunk/includes/class-boldgrid-backup-archive-fetcher.php#L141 https://plugins.trac.wordpress.org/changeset/3246655/ https://www.wordfence.com/threat-intel/vulnerabilities/id/21da92d2-c38d-4a12-b850-bd0b580aaa54?source=cve

Benzer Kayıtlar

High

CVE-2020-36848

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sens…

High

CVE-2025-2257

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remo…

Medium

CVE-2025-0859

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal…

Medium

CVE-2025-22759

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and…

High

CVE-2024-12365

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check o…

Medium

CVE-2024-12006

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability c…