CVE-2025-34084: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in BoldGrid Total Upkeep (BoldGrid Backup) WordPress Plugin
An unauthenticated information disclosure vulnerability exists in the WordPress Total Upkeep plugin (also known as BoldGrid Backup) prior to version 1.14.10. The plugin exposes multiple endpoints that allow unauthenticated users to retrieve detailed server configuration (env-info.php) and discover backup metadata (restore-info.json). These backups, which may include full SQL database dumps, are accessible without authentication if their paths are known or guessed. The restore-info.json endpoint discloses the absolute filesystem path of the latest backup, which attackers can convert into a web-accessible URL under wp-content/uploads/ and download. Extracting the database archive may yield credential hashes from the wp_users table, facilitating offline password cracking or credential stuffing attacks.
AI Analysis
Technical Summary
CVE-2025-34084 is a critical unauthenticated information disclosure vulnerability in the BoldGrid Total Upkeep WordPress plugin (also known as BoldGrid Backup) affecting all versions prior to 1.14.10. The vulnerability arises because the plugin exposes multiple endpoints without requiring authentication, allowing attackers to retrieve sensitive server configuration details and backup metadata. Specifically, the env-info.php endpoint leaks detailed server environment information, while the restore-info.json endpoint reveals the absolute filesystem path of the latest backup. Since backups may include full SQL database dumps, an attacker who obtains the backup path can construct a web-accessible URL under the wp-content/uploads/ directory to download the backup archive. Extracting this archive can expose credential hashes from the wp_users table, enabling offline password cracking or credential stuffing attacks. The vulnerability has a CVSS 4.0 base score of 9.2 (critical), reflecting its high impact and ease of exploitation: no authentication or user interaction is required, and the attack surface is broad due to the public accessibility of the endpoints. The exposure of sensitive information (CWE-200) combined with missing authentication controls (CWE-306) significantly compromises confidentiality and potentially the integrity of WordPress sites using this plugin. Although no known exploits are reported in the wild yet, the vulnerability's nature makes it a prime target for attackers seeking to escalate access or move laterally within compromised environments.
Potential Impact
For European organizations using WordPress sites with the BoldGrid Total Upkeep plugin, this vulnerability poses a severe risk. Unauthorized disclosure of server configuration and backup data can lead to credential compromise, enabling attackers to gain administrative access to websites and potentially pivot to internal networks. This can result in data breaches involving personal data protected under GDPR, leading to regulatory penalties and reputational damage. The availability of full database dumps may also expose sensitive customer or business data, increasing the risk of identity theft, fraud, and intellectual property loss. Given the widespread use of WordPress in Europe across sectors such as e-commerce, government, education, and media, the vulnerability could disrupt critical online services and erode trust. Additionally, the ease of exploitation without authentication means that automated scanning and mass exploitation campaigns could rapidly affect multiple European organizations if patches are not applied promptly.
Mitigation Recommendations
European organizations should immediately verify if their WordPress installations use the BoldGrid Total Upkeep plugin and identify the plugin version. If vulnerable versions are detected, they must upgrade to version 1.14.10 or later where the issue is patched. Until patching is possible, organizations should restrict access to the affected endpoints (env-info.php and restore-info.json) via web server configuration or firewall rules, limiting access to trusted IPs or requiring authentication. Regularly auditing backup storage locations to ensure backups are not publicly accessible is critical. Implementing web application firewalls (WAFs) with rules to detect and block requests targeting these endpoints can provide additional protection. Organizations should also monitor logs for unusual access patterns to these endpoints and conduct credential audits to detect potential compromise. Finally, enforcing strong password policies and multi-factor authentication on WordPress admin accounts will reduce the impact of leaked credential hashes.
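As an added defensive example (not code from the advisory, the plugin, or BoldGrid), the following Python script applies the log-monitoring recommendation above: it scans constructed Apache/nginx access-log lines for requests to env-info.php and restore-info.json and for successful archive downloads under wp-content/uploads/, and reports any client that completed the whole disclosure chain. The plugin directory name in the sample lines is a placeholder and the .zip extension for backup archives is an assumption; the advisory names only the two files.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample access-log lines (combined log format). PLUGIN_DIR is a
# placeholder: the advisory names the files, not the directory they live in.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Jul/2025:01:10:01 +0000] "GET /wp-content/plugins/PLUGIN_DIR/env-info.php HTTP/1.1" 200 1843 "-" "python-requests/2.32"
203.0.113.7 - - [09/Jul/2025:01:10:02 +0000] "GET /wp-content/plugins/PLUGIN_DIR/restore-info.json HTTP/1.1" 200 312 "-" "python-requests/2.32"
203.0.113.7 - - [09/Jul/2025:01:10:05 +0000] "GET /wp-content/uploads/backups/site-backup.zip HTTP/1.1" 200 7340032 "-" "python-requests/2.32"
198.51.100.4 - - [09/Jul/2025:01:12:40 +0000] "GET /wp-login.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.4 - - [09/Jul/2025:01:12:41 +0000] "GET /wp-content/plugins/PLUGIN_DIR/restore-info.json HTTP/1.1" 403 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Files the advisory identifies as unauthenticated disclosure endpoints.
SENSITIVE_FILES = {"env-info.php", "restore-info.json"}
# Assumption: backup archives are .zip files under wp-content/uploads/ (extension not stated by the advisory).
ARCHIVE_RE = re.compile(r"^/wp-content/uploads/.*\.zip$", re.IGNORECASE)


def classify(path):
    """Return the rule a request path matches, or None if it is not of interest."""
    name = path.rsplit("/", 1)[-1].lower()
    if name in SENSITIVE_FILES:
        return name
    if ARCHIVE_RE.match(path):
        return "uploads-archive"
    return None


def scan(log_text):
    """Return (hits, chain): every matching request, and IPs that completed the full chain."""
    hits = []
    per_ip = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = urlsplit(m["target"]).path  # drop any query string before matching
        kind = classify(path)
        if kind is None:
            continue
        status = int(m["status"])
        hits.append({"ip": m["ip"], "ts": m["ts"], "path": path, "kind": kind, "status": status})
        if status == 200:  # only a 200 means the data actually left the server
            per_ip[m["ip"]].add(kind)
    # An IP that successfully fetched both endpoints and an uploads archive matches the disclosure chain.
    chain = sorted(ip for ip, kinds in per_ip.items()
                   if {"env-info.php", "restore-info.json", "uploads-archive"} <= kinds)
    return hits, chain
```

Blocked requests (403) still appear in `hits`, so the same scan also confirms that a web-server or WAF rule restricting the endpoints is taking effect.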
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-04-15T19:15:22.551Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 686dc4ce6f40f0eb72fd1887
Added to database: 7/9/2025, 1:24:30 AM
Last enriched: 7/9/2025, 1:39:44 AM
Last updated: 7/9/2025, 8:04:22 AM