CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_cli_cancel' function in all versions up to, and including, 1.17.1. This makes it possible for unauthenticated attackers to cancel a pending rollback, potentially preventing a WordPress installation from automatically reverting a failed update.
Explanation of Vulnerability in Simple Terms
The Total Upkeep backup plugin for WordPress does not properly check user permissions before allowing certain actions. An unauthenticated attacker can modify site data without logging in. This affects all versions up to 1.17.1. Site owners should update immediately to a patched version.
What an attacker can do
Modify site data without authentication or user account.
Potential impact on your site
Attackers can alter site content or settings without your knowledge or permission.
Conditions required to exploit
Network access to the WordPress site; no authentication required.
Key dates
External resources
Related vulnerabilities
