BoldGrid Total Upkeep Plugin Vulnerable to Remote Code Execution
CVE-2024-9461

7.2 HIGH

What is CVE-2024-9461?

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid is vulnerable to remote code execution: authenticated attackers with Administrator-level access can execute arbitrary code on the server. The vulnerability arises from inadequate input validation and sanitization of the cron_interval parameter. It affects all versions up to and including 1.16.6, so users should apply the necessary updates and security patches to mitigate potential exploitation.

Affected Version(s)

Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid: all versions <= 1.16.6

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
