7.5
CVE-2020-36848
- EPSS 1.1%
- Veröffentlicht 12.07.2025 11:23:39
- Zuletzt bearbeitet 29.07.2025 20:38:40
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
Total Upkeep by BoldGrid <= 1.14.9 - Unauthenticated Backup Download
Total Upkeep by BoldGrid <= 1.14.9 - Unauthenticated Backup Download
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to find the location of back-up files and subsequently download them.
Mögliche Gegenmaßnahme
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid: Update to version 1.14.10, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Boldgrid ≫ Total Upkeep SwPlatformwordpress Version < 1.14.10
VulnDex Vulnerability Enrichment
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid
Version
*-1.14.9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.1% | 0.612 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/wp_total_upkeep_downloader.rb
https://plugins.trac.wordpress.org/changeset/2439376/boldgrid-backup
https://www.wordfence.com/threat-intel/vulnerabilities/id/86a5adaf-02b7-4b42-a048-8bc01f07656b?source=cve
https://wpscan.com/vulnerability/d35c19d9-8586-4c5b-9a01-44739cbeee19/
https://www.wordfence.com/threat-intel/vulnerabilities/id/86a5adaf-02b7-4b42-a048-8bc01f07656b