CVE-2025-10306
BaseFortify
Publication date: 2025-10-03
Last updated on: 2026-04-08
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | backup_bolt | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Backup Bolt plugin for WordPress allows authenticated users with Administrator-level access or higher to download files from directories outside the webroot and to write backup zip files to arbitrary locations on the server. This occurs through the process_backup_batch() function in versions up to and including 1.4.1.
How can this vulnerability impact me?
This vulnerability can allow an attacker with Administrator-level access to download sensitive files from the server that are outside the webroot, potentially exposing confidential data. Additionally, the attacker can write backup zip files to arbitrary locations, which could be used to overwrite important files or place malicious files on the server, leading to data integrity issues or further exploitation.