Vulnerability Description
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to find the location of back-up files and subsequently download them.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Boldgrid | Total Upkeep | < 1.14.10 |
References
- https://plugins.trac.wordpress.org/changeset/2439376/boldgrid-backup (Patch)
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/aux (Exploit)
- https://wpscan.com/vulnerability/d35c19d9-8586-4c5b-9a01-44739cbeee19/ (Exploit, Third Party Advisory)
- https://www.wordfence.com/threat-intel/vulnerabilities/id/86a5adaf-02b7-4b42-a04 (Third Party Advisory)
FAQ
What is CVE-2020-36848?
CVE-2020-36848 is a vulnerability with a CVSS score of 7.5 (HIGH). The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the ...
How severe is CVE-2020-36848?
CVE-2020-36848 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-36848?
Check the references section above for vendor advisories and patch information. Affected products include: Boldgrid Total Upkeep.