cleantalk
Vulnerabilities and Security Researches

Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid, CVE-2022-4932

CVE, Research URL

CVE-2022-4932

Home page URL

Security reports for Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid

Application

Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid

Published on
Mar 07, 2023
Research Description
The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up.
Affected versions
Min -, max 1.14.14.
Status
vulnerable
Previous vulnerability researches
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid (CVE-2025-2257) , Mar 27, 2025
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid (CVE-2024-13907) , Feb 28, 2025
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid (CVE-2024-9461) , Nov 28, 2024
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid (CVE-2025-34084) , Jul 12, 2025
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid (03f561d4bedab4757f1463d04312a2b0f3638bcc) , Jun 07, 2024
New vulnerability
Simple File List (CVE-2025-34085) , Jul 13, 2025
Pakke Envíos (CVE-2025-52819) , Jul 13, 2025
Gwolle Guestbook (CVE-2025-5807) , Jul 13, 2025
Tennis Court Bookings (CVE-2025-52787) , Jul 13, 2025
WPC Smart Compare for WooCommerce (CVE-2025-5530) , Jul 13, 2025