177 matches found
Total Upkeep < 1.15.9 - Improper Authorization to Unauthenticated Arbitrary File Download
Description The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check in all versions up to, and including, 1.15.8. This makes it possible for unauthenticated attackers to...
Post and Page Builder by BoldGrid < 1.24.2 - Editor Settings Update via CSRF
Description The plugin does not have CSRF check when updating the plugin's preferred editor settings, which could allow attackers to make logged in admin perform such action via a CSRF attack...
CVE-2023-25480
Cross-Site Request Forgery CSRF vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin = 1.24.1 versions...
CVE-2023-25480
Cross-Site Request Forgery CSRF vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin = 1.24.1 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin = 1.24.1 versions...
CVE-2023-25480
CVE-2023-25480 describes a Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor for WordPress. The issue affects versions = 1.24.2. Reported impact categories in the sources include potential unauthorized actions performed on ...
CVE-2023-25480 WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin = 1.24.1 versions...
CVE-2023-25480 WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin = 1.24.1 versions...
PT-2023-20099 · Boldgrid · Post/Page Builder By Boldgrid
Name of the Vulnerable Software and Affected Versions: BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin versions = 1.24.1 Description: A Cross-Site Request Forgery CSRF issue affects the plugin, allowing unauthorized actions to be performed on behalf of the user...
WordPress Plugin Post and Page Builder by BoldGrid - Visual Drag and Drop Editor Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin Post and Page Builder...
WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Type Plugin Vulnerable versions = 1.24.1 Fixed in 1.24.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25480 Patch priority Low CVSS severity Low 4.3 Developer Claim...
WordPress Total Upkeep Unauthenticated Backup Downloader
This module exploits an unauthenticated database backup vulnerability in WordPress plugin 'Boldgrid-Backup' also known as 'Total Upkeep' version use auxiliary/scanner/http/wptotalupkeepdownloader msf auxiliarywptotalupkeepdownloader show actions ...actions... msf auxiliarywptotalupkeepdownloader...
WordPress Total Upkeep 1.14.9 Backup Disclosure
Exploit Title: WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download Google Dork: intitle:"Index of" AND "wp-content/plugins/boldgrid-backup/=" Date: 2020-12-12 Exploit Author: Wadeek Vendor Homepage: https://www.boldgrid.com/ Software Link:...
Total Upkeep by BoldGrid < 1.14.10 - Unauthenticated Backup Download
The plugin does not restrict access to a file containing sensitive information, such as the internal path of backups, which may then allow unauthenticated users to download them. The filepath in /wp-content/plugins/boldgrid-backup/cron/restore-info.json will reveal the internal path of the backup...
Total Upkeep by BoldGrid < 1.14.10 - Unauthenticated Backup Download
The plugin does not restrict access to a file containing sensitive information, such as the internal path of backups, which may then allow unauthenticated users to download them. PoC The filepath in /wp-content/plugins/boldgrid-backup/cron/restore-info.json will reveal the internal path of the...
Total Upkeep by BoldGrid < 1.14.10 - Sensitive Data Disclosure (Server IP Address, UID etc)
The plugin does not restrict access to a file containing sensitive information, such as the real server IP address, UID and so on, which may help attackers in further attacks. GET /wp-content/plugins/boldgrid-backup/cli/env-info.php ..., "phpuname":"Linux wordpress-server X.X.X-XX-generic XX-Ubun...
WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download
Exploit Title: WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download Google Dork: intitle:"Index of" AND "wp-content/plugins/boldgrid-backup/=" Date: 2020-12-12 Exploit Author: Wadeek Vendor Homepage: https://www.boldgrid.com/ Software Link:...