Skip to main content

Total Upkeep

6 CVEs product

Monthly

CVE-2020-36848 HIGH POC PATCH THREAT Act Now

The Total Upkeep WordPress backup plugin through version 1.14.9 exposes backup file locations via env-info.php and restore-info.json. Unauthenticated attackers can discover and download complete site backups containing the database, wp-config.php with credentials, and all uploaded files.

WordPress Information Disclosure PHP Total Upkeep
NVD WPScan
CVSS 3.1
7.5
EPSS
56.2%
Threat
4.7
CVE-2025-2257 HIGH PATCH This Week

The Total Upkeep - WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection WordPress RCE Total Upkeep PHP
NVD GitHub
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-13907 MEDIUM PATCH This Month

The Total Upkeep - WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Total Upkeep
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-9461 HIGH This Week

The Total Upkeep - WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Command Injection Total Upkeep
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-24869 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal.15.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Total Upkeep
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-4932 MEDIUM PATCH This Month

The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Information Disclosure Total Upkeep
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
EPSS 56% 4.7 CVSS 7.5
HIGH POC PATCH THREAT Act Now

The Total Upkeep WordPress backup plugin through version 1.14.9 exposes backup file locations via env-info.php and restore-info.json. Unauthenticated attackers can discover and download complete site backups containing the database, wp-config.php with credentials, and all uploaded files.

WordPress Information Disclosure PHP +1
NVD WPScan
EPSS 2% CVSS 7.2
HIGH PATCH This Week

The Total Upkeep - WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection WordPress RCE +2
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The Total Upkeep - WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Total Upkeep
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The Total Upkeep - WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Command Injection +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal.15.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Total Upkeep
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Information Disclosure +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy