Lucene search
K

61 matches found

Cvelist
Cvelist
added 2024/05/17 8:48 a.m.27 views

CVE-2024-24869 WordPress Total Upkeep plugin <= 1.15.8 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal.This issue affects Total Upkeep: from n/a through 1.15.8...

7.5CVSS7.5AI score0.00658EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/17 12:0 a.m.5 views

PT-2024-20625 · Boldgrid · Boldgrid Total Upkeep

Name of the Vulnerable Software and Affected Versions: BoldGrid Total Upkeep versions 1.15.8 and earlier Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, which allows Relative Path Traversal in...

7.5CVSS9.3AI score0.00658EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/05/17 12:0 a.m.3 views

WordPress plugin Total Upkeep 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A path traversal...

7.5CVSS8.7AI score0.00658EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.26 views

Total Upkeep < 1.15.9 - Improper Authorization to Unauthenticated Arbitrary File Download

Description The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check in all versions up to, and including, 1.15.8. This makes it possible for unauthenticated attackers to...

5CVSS7.1AI score0.00658EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/02/02 12:0 a.m.17 views

WordPress Total Upkeep Plugin <= 1.15.8 is vulnerable to Arbitrary File Download

Software Total Upkeep Type Plugin Vulnerable versions = 1.15.8 Fixed in 1.15.9 OWASP Top 10 A4: Insecure Design Classification Arbitrary File Download CVE CVE-2024-24869 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 7a4ce347d2cf Credits Yudistira Arya Required privileg...

7.5CVSS6.5AI score0.00658EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/03/07 3:15 p.m.5 views

CVE-2022-4932

The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2023/03/07 3:15 p.m.30 views

CVE-2022-4932

The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...

4.3CVSS4.2AI score0.00572EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/03/07 3:15 p.m.3 views

CVE-2022-4932

The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...

4.3CVSS5.9AI score0.00572EPSS
Exploits0References3
Prion
Prion
added 2023/03/07 3:15 p.m.18 views

Authorization

The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...

4CVSS4.3AI score0.00572EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/07 2:47 p.m.11 views

CVE-2022-4932 Total Upkeep <= 1.14.13 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure

The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...

4.3CVSS5.9AI score0.00572EPSS
Exploits0References2
CVE
CVE
added 2023/03/07 2:47 p.m.43 views

CVE-2022-4932

CVE-2022-4932 concerns the WordPress plugin Total Upkeep (versions up to and including 1.14.13). The root cause is missing authorization on the heartbeat_received() function triggered by WordPress heartbeat, enabling authenticated users with subscriber-level permissions and above to disclose info...

4.3CVSS4.2AI score0.00572EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/07 12:0 a.m.5 views

PT-2023-15919 · WordPress · Total Upkeep

Name of the Vulnerable Software and Affected Versions: Total Upkeep plugin for WordPress versions up to, and including 1.14.13 Description: The issue is related to information disclosure due to missing authorization on the heartbeat received function, which triggers on WordPress heartbeat. This...

4.3CVSS4.2AI score0.00572EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/03/07 12:0 a.m.7 views

WordPress plugin Total Upkeep 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

4.3CVSS5.2AI score0.00572EPSS
Exploits0References3
Metasploit
Metasploit
added 2021/01/06 5:41 p.m.90 views

WordPress Total Upkeep Unauthenticated Backup Downloader

This module exploits an unauthenticated database backup vulnerability in WordPress plugin 'Boldgrid-Backup' also known as 'Total Upkeep' version use auxiliary/scanner/http/wptotalupkeepdownloader msf auxiliarywptotalupkeepdownloader show actions ...actions... msf auxiliarywptotalupkeepdownloader...

7.5CVSS6.9AI score0.01095EPSS
Exploits2
Circl
Circl
added 2021/01/05 8:10 p.m.8 views

CVE-2020-36848

creationtimestamp| type| source ---|---|--- 2021-01-05 20:10:05+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wptotalupkeepdownloader.rb 2025-10-23 21:12:59+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

7.5CVSS5.6AI score0.01095EPSS
Exploits2References1
Patchstack
Patchstack
added 2020/12/15 12:0 a.m.11 views

WordPress Total Upkeep plugin <= 1.14.9 - Unauthenticated Backup Archive Download vulnerability

Unauthenticated Backup Archive Download vulnerability found by Wadeek in WordPress Total Upkeep plugin versions = 1.14.9. Solution Update the WordPress Total Upkeep plugin to the latest available version at least 1.14.10...

3.9AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2020/12/15 12:0 a.m.10 views

WordPress Total Upkeep plugin <= 1.14.9 - Sensitive Information Disclosure vulnerability

Sensitive Data Disclosure Server IP Address, UID etc vulnerability found by Wadeek in WordPress Total Upkeep plugin versions = 1.14.9. Solution Update the WordPress Total Upkeep plugin to the latest available version at least 1.14.10...

1.7AI score
Exploits0References2Affected Software1
wpexploit
wpexploit
added 2020/12/14 12:0 a.m.82 views

Total Upkeep by BoldGrid < 1.14.10 - Unauthenticated Backup Download

The plugin does not restrict access to a file containing sensitive information, such as the internal path of backups, which may then allow unauthenticated users to download them. The filepath in /wp-content/plugins/boldgrid-backup/cron/restore-info.json will reveal the internal path of the backup...

0.8AI score
Exploits0References1
Packet Storm
Packet Storm
added 2020/12/14 12:0 a.m.403 views

WordPress Total Upkeep 1.14.9 Backup Disclosure

Exploit Title: WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download Google Dork: intitle:"Index of" AND "wp-content/plugins/boldgrid-backup/=" Date: 2020-12-12 Exploit Author: Wadeek Vendor Homepage: https://www.boldgrid.com/ Software Link:...

7.4AI score
Exploits0
WPVulnDB
WPVulnDB
added 2020/12/14 12:0 a.m.13 views

Total Upkeep by BoldGrid < 1.14.10 - Unauthenticated Backup Download

The plugin does not restrict access to a file containing sensitive information, such as the internal path of backups, which may then allow unauthenticated users to download them. PoC The filepath in /wp-content/plugins/boldgrid-backup/cron/restore-info.json will reveal the internal path of the...

2.9AI score
Exploits0References1Affected Software1
Rows per page
Query Builder