Sensitive Information Exposure in Total Upkeep WordPress Backup Plugin by BoldGrid
CVE-2020-36848

7.5HIGH

Key Information:

Vendor: WordPress
Status: Total Upkeep – WordPress Backup Plugin Plus Restore & Migrate By Boldgrid
Vendor: CVE Published:; 12 July 2025

What is CVE-2020-36848?

The Total Upkeep – WordPress Backup Plugin by BoldGrid is subject to a vulnerability that allows unauthorized access to sensitive information. Unauthenticated attackers can exploit this weakness to locate the backup files found in env-info.php and restore-info.json. As a result, these attackers could potentially download sensitive backup files, which could contain critical data, posing a significant security risk to users and their websites. It's essential for users of the plugin to apply any available updates and take necessary precautions to secure their backup files.

Affected Version(s)

Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid * <= 1.14.9

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wpscan.com/vulnerability/d35c19d9-8586-4c5b-9a01-...

https://raw.githubusercontent.com/rapid7/metasploit-frame...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 12, 2025
Vulnerability Reserved
Jul 11, 2025

Credit

Wadeek