Vulnerabilities and security research for boldgrid-backup
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid # 03f561d4bedab4757f1463d04312a2b0f3638bcc
Security reports for Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid
- Date
- Dec 15, 2020
- Research Description
- Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid [boldgrid-backup] < 1.14.10. WordPress Total Upkeep plugin <= 1.14.9 - Sensitive Information Disclosure vulnerability. Sensitive Data Disclosure (Server IP Address, UID etc.) vulnerability found by Wadeek in WordPress Total Upkeep plugin (versions <= 1.14.9).
- Affected versions
- max 1.14.10.
- Status
- vulnerable
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid # CVE-2024-24869
- Date
- May 17, 2024
- Research Description
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal. This issue affects Total Upkeep: from n/a through 1.15.8.
- Affected versions
- max 1.15.9.
- Status
- vulnerable
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid # CVE-2022-4932
- Date
- Mar 07, 2023
- Research Description
- The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 1.14.13. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to retrieve back-up paths that can subsequently be used to download the back-up.
- Affected versions
- max 1.14.14.
- Status
- vulnerable
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid # CVE-2024-9461
- Date
- Nov 26, 2024
- Research Description
- The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the cron_interval parameter. This is due to missing input validation and sanitization. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.
- Affected versions
- max 1.16.7.
- Status
- vulnerable
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid # CVE-2024-13907
- Date
- Feb 27, 2025
- Research Description
- The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the 'download' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
- Affected versions
- max 1.16.9.
- Status
- vulnerable
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid # CVE-2025-2257
- Date
- Mar 26, 2025
- Research Description
- The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. This is due to the plugin using the compression_level setting in proc_open() without any validation. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server.
- Affected versions
- max 1.17.0.
- Status
- vulnerable
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid # CVE-2025-34084
- Date
- Jul 09, 2025
- Research Description
- Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2020-36848.
- Affected versions
- max 1.14.10.
- Status
- vulnerable
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid # CVE-2026-3143
- Date
- May 01, 2026
- Research Description
- The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_cli_cancel' function in all versions up to, and including, 1.17.1. This makes it possible for unauthenticated attackers to cancel a pending rollback, potentially preventing a WordPress installation from automatically reverting a failed update.
- Affected versions
- max 1.17.2.
- Status
- vulnerable
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid # CVE-2020-36848
- Date
- Jul 12, 2025
- Research Description
- The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to find the location of back-up files and subsequently download them.
- Affected versions
- max 1.14.10.
- Status
- vulnerable