CVSS base score: 7.5
CVE-2020-36848
- EPSS 56.2%
- Published 12.07.2025 11:23:39
- Last modified 29.07.2025 20:38:40
- Source security@wordfence.com
Total Upkeep by BoldGrid <= 1.14.9 - Unauthenticated Backup Download
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to find the location of back-up files and subsequently download them.
Possible mitigation
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid: Update to version 1.14.10, or a newer patched version
Linked by AI from unstructured data to existing CPEs in the NVD
Further vulnerability information
- System: WordPress Plugin
- Product: Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid
- Version: * - 1.14.9
Data provided by the National Vulnerability Database (NVD)
Boldgrid ≫ Total Upkeep, SwPlatform: wordpress, Version < 1.14.10
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 56.2% | 0.98 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.