CVE-2020-36848
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-12

Last updated on: 2025-07-29

Assigner: Wordfence

Description
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to find the location of back-up files and subsequently download them.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-12
Last Modified
2025-07-29
Generated
2026-05-07
AI Q&A
2025-07-12
EPSS Evaluated
2026-05-05
NVD
CVE-2020-36848
EUVD
EUVD-2020-30799
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
boldgrid total_upkeep to 1.14.10 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in the Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid allows unauthenticated attackers to access sensitive information by exploiting the env-info.php and restore-info.json files. This exposure lets attackers find the location of backup files and download them without authorization.


How can this vulnerability impact me? :

This vulnerability can lead to unauthorized disclosure of backup files, which may contain sensitive data. Attackers can download these backups, potentially leading to data breaches and exposure of confidential information.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart