GCVE - cpe:2.3:a:boldgrid:total_upkeep:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:boldgrid:total_upkeep:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Boldgrid (`e666f6db-1a27-599c-be4b-0dab80fb37d2`)
Product	Total Upkeep (`59bf0696-26ed-5fb2-a8e7-a4500cb8c0fd`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-2257`	vulnerable	2026-06-03 15:00:25.047106	Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.10 - Authenticated (Admin+) Command Injection HIGH (7.2) The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. This is due to the plugin using the compression_level setting in proc_open() without any validation. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server. Published: 2025-03-26T08:21:49.944Z Updated: 2026-04-08T16:40:53.250Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec3cc3e-c11b-43b6-9dd0-caa5ccfb90c8?source=cve https://plugins.svn.wordpress.org/boldgrid-backup/tags/1.16.7/admin/compressor/class-boldgrid-backup-admin-compressor-system-zip.php https://github.com/BoldGrid/boldgrid-backup/pull/622/files https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3257988%40boldgrid-backup&new=3257988%40boldgrid-backup&sfp_email=&sfph_mail=#file9	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-9461`	vulnerable	2026-06-03 14:58:21.541486	Total Upkeep <= 1.16.6 - Authenticated (Administrator+) Remote Code Execution via Backup Settings HIGH (7.2) The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the cron_interval parameter. This is due to missing input validation and sanitization. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server. Published: 2024-11-26T13:56:54.220Z Updated: 2026-04-08T17:03:32.841Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/804b42a0-1cea-4f68-bd4a-d292a9f23fbe?source=cve https://plugins.trac.wordpress.org/browser/boldgrid-backup/tags/1.16.5/admin/class-boldgrid-backup-admin-settings.php#L748	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-24869`	vulnerable	2026-06-03 14:55:05.969130	WordPress Total Upkeep plugin <= 1.15.8 - Arbitrary File Download vulnerability HIGH (7.5) Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal.This issue affects Total Upkeep: from n/a through 1.15.8. Published: 2024-05-17T08:48:22.714Z Updated: 2026-04-28T16:09:10.985Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/boldgrid-backup/wordpress-total-upkeep-plugin-1-15-8-arbitrary-file-download-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-13907`	vulnerable	2026-06-03 14:54:25.712872	Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.8 - Authenticated (Administrator+) Server-Side Request Forgery MEDIUM (4.9) The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the 'download' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Published: 2025-02-27T06:48:38.602Z Updated: 2026-04-08T16:41:31.492Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/21da92d2-c38d-4a12-b850-bd0b580aaa54?source=cve https://plugins.trac.wordpress.org/browser/boldgrid-backup/trunk/includes/class-boldgrid-backup-archive-fetcher.php#L141 https://plugins.trac.wordpress.org/changeset/3246655/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-4932`	vulnerable	2026-06-03 14:48:43.386868	Total Upkeep <= 1.14.13 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure MEDIUM (4.3) The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up. Published: 2023-03-07T14:47:47.177Z Updated: 2026-04-08T16:35:24.936Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/0e346146-1c00-4e03-a6c7-372566d7ffc9?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2684462%40boldgrid-backup&new=2684462%40boldgrid-backup&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-36848`	vulnerable	2026-06-03 14:42:40.041443	Total Upkeep by BoldGrid <= 1.14.9 - Unauthenticated Backup Download HIGH (7.5) The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to find the location of back-up files and subsequently download them. Published: 2025-07-12T11:23:39.932Z Updated: 2026-04-08T17:04:51.635Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/86a5adaf-02b7-4b42-a048-8bc01f07656b?source=cve https://wpscan.com/vulnerability/d35c19d9-8586-4c5b-9a01-44739cbeee19/ https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/wp_total_upkeep_downloader.rb https://plugins.trac.wordpress.org/changeset/2439376/boldgrid-backup	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.