CVE-2024-9461
HIGHTotal Upkeep - WordPress Backup Plugin < 1.16.7 - Authenticated Remote Code Execution via cron_interval Parameter
Title source: llmDescription
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the cron_interval parameter. This is due to missing input validation and sanitization. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.
References (2)
Core 2
Scores
CVSS v3
7.2
EPSS
0.0101
EPSS Percentile
58.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (2)
boldgrid/Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid
< 1.16.6
boldgrid/total_upkeep
< 1.16.7
Published
Nov 26, 2024
Tracked Since
Feb 18, 2026