Total Upkeep

3 CVEs product

CVE-2020-36848 HIGH POC PATCH THREAT Act Now

The Total Upkeep WordPress backup plugin through version 1.14.9 exposes backup file locations via env-info.php and restore-info.json. Unauthenticated attackers can discover and download complete site backups containing the database, wp-config.php with credentials, and all uploaded files.

WordPress Information Disclosure PHP Total Upkeep
NVD WPScan
CVSS 3.1: 7.5 | EPSS: 56.2% | Threat: 4.7

CVE-2025-2257 HIGH PATCH This Week

The Total Upkeep - WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection WordPress RCE Total Upkeep PHP
NVD GitHub
CVSS 3.1: 7.2 | EPSS: 1.7%

CVE-2024-13907 MEDIUM PATCH This Month

The Total Upkeep - WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Total Upkeep
NVD
CVSS 3.1: 4.9 | EPSS: 0.1%
