cleantalk
Vulnerabilities and Security Researches

Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid, CVE-2024-13907

CVE, Research URL

CVE-2024-13907

Home page URL

Security reports for Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid

Application

Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid

Published on
Feb 27, 2025
Research Description
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the 'download' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Affected versions
Min -, max 1.16.9.
Status
vulnerable
Previous vulnerability researches
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid (CVE-2025-2257) , Mar 27, 2025
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid (CVE-2024-13907) , Feb 28, 2025
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid (CVE-2024-9461) , Nov 28, 2024
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid (CVE-2025-34084) , Jul 12, 2025
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid (03f561d4bedab4757f1463d04312a2b0f3638bcc) , Jun 07, 2024
New vulnerability
Simple File List (CVE-2025-34085) , Jul 13, 2025
Pakke Envíos (CVE-2025-52819) , Jul 13, 2025
Gwolle Guestbook (CVE-2025-5807) , Jul 13, 2025
Tennis Court Bookings (CVE-2025-52787) , Jul 13, 2025
WPC Smart Compare for WooCommerce (CVE-2025-5530) , Jul 13, 2025