61 matches found
CVE-2024-24869 WordPress Total Upkeep plugin <= 1.15.8 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal.This issue affects Total Upkeep: from n/a through 1.15.8...
PT-2024-20625 · Boldgrid · Boldgrid Total Upkeep
Name of the Vulnerable Software and Affected Versions: BoldGrid Total Upkeep versions 1.15.8 and earlier Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, which allows Relative Path Traversal in...
WordPress plugin Total Upkeep 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A path traversal...
Total Upkeep < 1.15.9 - Improper Authorization to Unauthenticated Arbitrary File Download
Description The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check in all versions up to, and including, 1.15.8. This makes it possible for unauthenticated attackers to...
WordPress Total Upkeep Plugin <= 1.15.8 is vulnerable to Arbitrary File Download
Software Total Upkeep Type Plugin Vulnerable versions = 1.15.8 Fixed in 1.15.9 OWASP Top 10 A4: Insecure Design Classification Arbitrary File Download CVE CVE-2024-24869 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 7a4ce347d2cf Credits Yudistira Arya Required privileg...
CVE-2022-4932
The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
CVE-2022-4932
The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
CVE-2022-4932
The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
Authorization
The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
CVE-2022-4932 Total Upkeep <= 1.14.13 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure
The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
CVE-2022-4932
CVE-2022-4932 concerns the WordPress plugin Total Upkeep (versions up to and including 1.14.13). The root cause is missing authorization on the heartbeat_received() function triggered by WordPress heartbeat, enabling authenticated users with subscriber-level permissions and above to disclose info...
PT-2023-15919 · WordPress · Total Upkeep
Name of the Vulnerable Software and Affected Versions: Total Upkeep plugin for WordPress versions up to, and including 1.14.13 Description: The issue is related to information disclosure due to missing authorization on the heartbeat received function, which triggers on WordPress heartbeat. This...
WordPress plugin Total Upkeep 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Total Upkeep Unauthenticated Backup Downloader
This module exploits an unauthenticated database backup vulnerability in WordPress plugin 'Boldgrid-Backup' also known as 'Total Upkeep' version use auxiliary/scanner/http/wptotalupkeepdownloader msf auxiliarywptotalupkeepdownloader show actions ...actions... msf auxiliarywptotalupkeepdownloader...
CVE-2020-36848
creationtimestamp| type| source ---|---|--- 2021-01-05 20:10:05+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wptotalupkeepdownloader.rb 2025-10-23 21:12:59+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
WordPress Total Upkeep plugin <= 1.14.9 - Unauthenticated Backup Archive Download vulnerability
Unauthenticated Backup Archive Download vulnerability found by Wadeek in WordPress Total Upkeep plugin versions = 1.14.9. Solution Update the WordPress Total Upkeep plugin to the latest available version at least 1.14.10...
WordPress Total Upkeep plugin <= 1.14.9 - Sensitive Information Disclosure vulnerability
Sensitive Data Disclosure Server IP Address, UID etc vulnerability found by Wadeek in WordPress Total Upkeep plugin versions = 1.14.9. Solution Update the WordPress Total Upkeep plugin to the latest available version at least 1.14.10...
Total Upkeep by BoldGrid < 1.14.10 - Unauthenticated Backup Download
The plugin does not restrict access to a file containing sensitive information, such as the internal path of backups, which may then allow unauthenticated users to download them. The filepath in /wp-content/plugins/boldgrid-backup/cron/restore-info.json will reveal the internal path of the backup...
WordPress Total Upkeep 1.14.9 Backup Disclosure
Exploit Title: WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download Google Dork: intitle:"Index of" AND "wp-content/plugins/boldgrid-backup/=" Date: 2020-12-12 Exploit Author: Wadeek Vendor Homepage: https://www.boldgrid.com/ Software Link:...
Total Upkeep by BoldGrid < 1.14.10 - Unauthenticated Backup Download
The plugin does not restrict access to a file containing sensitive information, such as the internal path of backups, which may then allow unauthenticated users to download them. PoC The filepath in /wp-content/plugins/boldgrid-backup/cron/restore-info.json will reveal the internal path of the...