BoldGrid Total Upkeep WordPress Backup Plugin Missing Authorization Vulnerability in Rollback Cancellation

Vulnerability

The Total Upkeep WordPress Backup Plugin by BoldGrid, in all versions up to and including 1.17.1, is missing an authorization check in the AJAX handler registered on the 'wp_ajax_cli_cancel' hook. Because the handler performs no capability check, an unauthenticated user can cancel a pending rollback, disrupting the plugin's automatic recovery from a failed WordPress update.

Impact

An attacker who cancels the pending rollback prevents the plugin from restoring the pre-update backup, so a site whose update failed can be left in that broken state instead of being rolled back.

Reproduction

To reproduce this vulnerability, an unauthenticated user sends a request for the 'wp_ajax_cli_cancel' action to the site's admin-ajax.php endpoint. The request carries a 'backup_id' parameter matching the identifier of the pending backup and a 'cli_cancel_secret' parameter holding the one-time secret generated when the rollback was scheduled. Because there is no capability check, any client that supplies those two values can trigger the cancellation without being logged in; knowledge of the secret is the only gate, and it is not a substitute for an authorization check on the requesting user.
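The following PHP is an illustrative example added here by the editor; it is not Total Upkeep's own code and does not reproduce its internals. It shows the missing-authorization pattern described above (an AJAX handler reachable by anonymous clients that gates only on request-supplied values) next to a hardened version that requires a logged-in user with a capability, a nonce, and a constant-time comparison of the secret. The action name 'cli_cancel', the option key 'example_pending_rollback', the 'update_plugins' capability and the nonce action are all assumptions for the example.

```php
<?php
// Illustrative example, not the plugin's code. Action name, option key,
// capability and nonce action are assumptions.

// --- Vulnerable pattern: handler exposed to anonymous clients, no capability check ---
add_action( 'wp_ajax_cli_cancel', 'vuln_cli_cancel' );
add_action( 'wp_ajax_nopriv_cli_cancel', 'vuln_cli_cancel' ); // reachable without login (assumed)

function vuln_cli_cancel() {
    // Assumed storage: option holding the pending rollback's backup_id and secret.
    $pending = get_option( 'example_pending_rollback' );
    if ( empty( $pending ) ) {
        wp_send_json_error( 'no rollback pending' );
    }
    $backup_id = $_POST['backup_id'] ?? '';
    $secret    = $_POST['cli_cancel_secret'] ?? '';
    // Only request-supplied values are compared; nothing checks WHO is asking.
    if ( $backup_id === $pending['backup_id'] && $secret === $pending['secret'] ) {
        delete_option( 'example_pending_rollback' );
        wp_send_json_success( 'rollback cancelled' );
    }
    wp_send_json_error( 'invalid request' );
}

// --- Hardened pattern: logged-in only, capability check, nonce, constant-time compare ---
add_action( 'wp_ajax_cli_cancel_fixed', 'fixed_cli_cancel' );
// Deliberately no wp_ajax_nopriv_ registration: anonymous requests never reach the handler.

function fixed_cli_cancel() {
    // Authorization: the caller must hold the capability the plugin uses for updates (assumed).
    if ( ! current_user_can( 'update_plugins' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // CSRF protection for the logged-in user; dies on a bad or missing nonce.
    check_ajax_referer( 'cli_cancel_nonce', 'nonce' );

    $pending = get_option( 'example_pending_rollback' );
    if ( empty( $pending ) ) {
        wp_send_json_error( 'no rollback pending', 404 );
    }

    $backup_id = sanitize_text_field( wp_unslash( $_POST['backup_id'] ?? '' ) );
    $secret    = sanitize_text_field( wp_unslash( $_POST['cli_cancel_secret'] ?? '' ) );

    // The one-time secret is still checked, but as a second factor after authorization,
    // and with hash_equals() so the comparison does not leak timing information.
    if ( ! hash_equals( (string) $pending['backup_id'], $backup_id )
        || ! hash_equals( (string) $pending['secret'], $secret ) ) {
        wp_send_json_error( 'invalid request', 400 );
    }

    delete_option( 'example_pending_rollback' );
    wp_send_json_success( 'rollback cancelled' );
}
```

When auditing a plugin for this class of bug, look for every `wp_ajax_nopriv_` registration and for `wp_ajax_` handlers that never call `current_user_can()` or `check_ajax_referer()`: a handler whose only gate is a value carried in the request is authorizing the request, not the user.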

Remediation

Update the Total Upkeep WordPress Backup Plugin to version 1.17.2 or later. Until the update is applied, treat any unexpected cancellation of a scheduled rollback as a signal to verify the site's state manually.

Added: May 1, 2026, 2:23 PM
Updated: May 1, 2026, 2:23 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 0.6
exploitability: 7.4
remediation: 7.7
relevance: 7.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.