CVE-2024-9461

Published: Nov 26, 2024Modified: May 22, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: security@wordfence.com (Secondary)

Description

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the cron_interval parameter. This is due to missing input validation and sanitization. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.

Affected (1)

Products: Boldgrid: Total Upkeep

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Boldgrid Total Upkeep	Before 1.16.7

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

https://plugins.trac.wordpress.org/browser/boldgrid-backup/tags/1.16.5/admin/class-boldgrid-backup-admin-settings.php#L748

Source: security@wordfence.com

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/804b42a0-1cea-4f68-bd4a-d292a9f23fbe?source=cve

Source: security@wordfence.com

Third Party Advisory

Timeline

No history available yet.