Boldgrid Total Upkeep vulnerabilities
6 known vulnerabilities affecting boldgrid/total_upkeep.
Total CVEs
6
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2020-36848P3HIGHCVSS 7.5PoCfixed in 1.14.102025-07-12
CVE-2020-36848 [HIGH] CWE-200 CVE-2020-36848: The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress i
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to find the location of back-up files and subsequently dow
nvd
CVE-2024-24869P3HIGHCVSS 7.5fixed in 1.15.9≥ n/a, ≤ 1.15.82024-05-17
CVE-2024-24869 [HIGH] CWE-22 CVE-2024-24869: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bold
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal.This issue affects Total Upkeep: from n/a through 1.15.8.
nvd
CVE-2025-2257P3HIGHCVSS 7.2fixed in 1.17.02025-03-26
CVE-2025-2257 [HIGH] CWE-78 CVE-2025-2257: The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress i
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. This is due to the plugin using the compression_level setting in proc_open() without any validation. This makes it possible for authentic
nvd
CVE-2024-9461P3HIGHCVSS 7.2fixed in 1.16.72024-11-26
CVE-2024-9461 [HIGH] CWE-78 CVE-2024-9461: The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress i
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the cron_interval parameter. This is due to missing input validation and sanitization. This makes it possible for authenticated attackers, with Administrator-level acces
nvd
CVE-2024-13907P3MEDIUMCVSS 6.5fixed in 1.16.92025-02-27
CVE-2024-13907 [MEDIUM] CWE-918 CVE-2024-13907: The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress i
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the 'download' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary loca
nvd
CVE-2022-4932P4MEDIUMCVSS 4.3≤ 1.14.132023-03-07
CVE-2022-4932 [MEDIUM] CWE-862 CVE-2022-4932: The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and
The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths
nvd