BoldGrid Total Upkeep Plugin Vulnerable to Remote Code Execution
CVE-2024-9461

Currently unrated

Key Information:

Vendor: Wordpress
Status: Total Upkeep
Vendor: CVE Published:; 26 November 2024

What is CVE-2024-9461?

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid is susceptible to a remote code execution issue, allowing authenticated attackers with Administrator-level access to execute arbitrary code on the server. This vulnerability arises from inadequate input validation and sanitization of the cron_interval parameter. It affects all versions up to and including 1.16.6, making it imperative for users to apply necessary updates and security patches to mitigate potential exploitation.

References

https://plugins.trac.wordpress.org/browser/boldgrid-backu...

https://www.wordfence.com/threat-intel/vulnerabilities/id...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 26, 2024

Wordpress

What is CVE-2024-9461?

References

Timeline