WordPress Backup Bolt plugin Arbitrary File Download Vulnerability

WordPress Backup Bolt plugin is a backup plugin for WordPress websites, mainly used to automate the backup of website data including files, databases, etc., and support the recovery function. WordPress Backup Bolt plugin has an arbitrary file download vulnerability, which stems from a flaw in the...

CVE-2025-10306

The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the processbackupbatch function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download...

WordPress Backup Bolt plugin <= 1.4.1 - Authenticated (Admin+) Arbitrary File Download vulnerability

Authenticated Admin+ Arbitrary File Download vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Backup Bolt versions = 1.4.1...

EUVD-2025-25879

Malicious code in bioql PyPI...

CVE-2025-10306

The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the processbackupbatch function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download...

CVE-2025-10306

CVE-2025-10306 – Backup Bolt (WordPress) is a vulnerability in the Backup Bolt plugin affecting all versions up to and including 1.4.1. The flaw, located in process_backup_batch(), allows authenticated attackers with Administrator-level access to download directories outside the webroot and write...

CVE-2025-10306 Backup Bolt <= 1.4.1 - Authenticated (Admin+) Arbitrary File Download

The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the processbackupbatch function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download...

CVE-2025-10306 Backup Bolt <= 1.4.1 - Authenticated (Admin+) Arbitrary File Download

The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the processbackupbatch function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download...

EUVD-2025-32271

The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the processbackupbatch function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download...

PT-2025-40471

The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the process backup batch function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download...

WordPress plugin Backup Bolt 安全漏洞

WordPress Backup Bolt plugin is a backup plugin for WordPress websites, mainly used to automate the backup of website data including files, databases, etc., and support the recovery function. WordPress Backup Bolt plugin has an arbitrary file download vulnerability, which stems from a flaw in the...

CVE-2025-49040

Cross-Site Request Forgery CSRF vulnerability in Backup Bolt Backup Bolt backup-bolt allows Cross Site Request Forgery.This issue affects Backup Bolt: from n/a through = 1.5.0...

CVE-2025-49040

Cross-Site Request Forgery CSRF vulnerability in Backup Bolt Backup Bolt backup-bolt allows Cross Site Request Forgery.This issue affects Backup Bolt: from n/a through = 1.5.0...

CVE-2025-49040 WordPress Backup Bolt plugin <= 1.5.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Backup Bolt Backup Bolt backup-bolt allows Cross Site Request Forgery.This issue affects Backup Bolt: from n/a through = 1.5.0...

CVE-2025-49040 WordPress Backup Bolt plugin <= 1.5.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Backup Bolt Backup Bolt backup-bolt allows Cross Site Request Forgery.This issue affects Backup Bolt: from n/a through = 1.5.0...

CVE-2025-49040

CVE-2025-49040 is a CSRF vulnerability in the WordPress plugin Backup Bolt. Public details indicate it affects versions up to 1.4.1 (initial description), with Patchstack noting vulnerable versions up to 1.5.0. CVSS 3.1 base score 4.3 (Medium) with network attack vector, low attack complexity, no...

PT-2025-34826 · Unknown · Backup Bolt

Name of the Vulnerable Software and Affected Versions: Backup Bolt versions through 1.4.1 Description: Backup Bolt is susceptible to a Cross-Site Request Forgery CSRF issue, which allows attackers to perform actions on behalf of authenticated users. Recommendations: Update Backup Bolt to a versio...

WordPress plugin Backup Bolt 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...

WordPress Backup Bolt plugin <= 1.5.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Backup Bolt versions = 1.5.0...

WordPress Backup Bolt Plugin <= 1.3.0 is vulnerable to Sensitive Data Exposure

Software Backup Bolt Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.4.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-7236 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID dd36f15c489e Credits Dmitrii Ignatyev Required...