CVE-2025-34084: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in BoldGrid Total Upkeep (BoldGrid Backup) WordPress Plugin

Severity: Critical
Type: Vulnerability
Tags: CVE-2025-34084, cve, cve-2025-34084, cwe-200, cwe-306
Published: Wed Jul 09 2025 (07/09/2025, 00:49:52 UTC)
Source: CVE Database V5
Vendor/Project: BoldGrid
Product: Total Upkeep (BoldGrid Backup) WordPress Plugin

Description

An unauthenticated information disclosure vulnerability exists in the WordPress Total Upkeep plugin (also known as BoldGrid Backup) prior to version 1.14.10. The plugin exposes multiple endpoints that allow unauthenticated users to retrieve detailed server configuration (env-info.php) and discover backup metadata (restore-info.json). These backups, which may include full SQL database dumps, are accessible without authentication if their paths are known or guessed. The restore-info.json endpoint discloses the absolute filesystem path of the latest backup, which attackers can convert into a web-accessible URL under wp-content/uploads/ and download. Extracting the database archive may yield credential hashes from the wp_users table, facilitating offline password cracking or credential stuffing attacks.

AI-Powered Analysis

Last updated: 07/09/2025, 01:39:44 UTC

Technical Analysis

CVE-2025-34084 is a critical unauthenticated information disclosure vulnerability in the BoldGrid Total Upkeep WordPress plugin (also known as BoldGrid Backup) affecting all versions prior to 1.14.10. The vulnerability arises because the plugin exposes multiple endpoints without requiring authentication, allowing attackers to retrieve sensitive server configuration details and backup metadata. Specifically, the env-info.php endpoint leaks detailed server environment information, while the restore-info.json endpoint reveals the absolute filesystem path of the latest backup. Since backups may include full SQL database dumps, an attacker who obtains the backup path can construct a web-accessible URL under the wp-content/uploads/ directory to download the backup archive. Extracting this archive can expose credential hashes from the wp_users table, enabling offline password cracking or credential stuffing attacks. The vulnerability has a CVSS 4.0 base score of 9.2 (critical), reflecting its high impact and ease of exploitation: no authentication or user interaction is required, and the attack surface is broad due to the public accessibility of the endpoints. The exposure of sensitive information (CWE-200) combined with missing authentication controls (CWE-306) significantly compromises confidentiality and potentially the integrity of WordPress sites using this plugin. Although no known exploits are reported in the wild yet, the vulnerability's nature makes it a prime target for attackers seeking to escalate access or move laterally within compromised environments.

Potential Impact

For European organizations using WordPress sites with the BoldGrid Total Upkeep plugin, this vulnerability poses a severe risk. Unauthorized disclosure of server configuration and backup data can lead to credential compromise, enabling attackers to gain administrative access to websites and potentially pivot to internal networks. This can result in data breaches involving personal data protected under GDPR, leading to regulatory penalties and reputational damage. The availability of full database dumps may also expose sensitive customer or business data, increasing the risk of identity theft, fraud, and intellectual property loss. Given the widespread use of WordPress in Europe across sectors such as e-commerce, government, education, and media, the vulnerability could disrupt critical online services and erode trust. Additionally, the ease of exploitation without authentication means that automated scanning and mass exploitation campaigns could rapidly affect multiple European organizations if patches are not applied promptly.

Mitigation Recommendations

European organizations should immediately verify if their WordPress installations use the BoldGrid Total Upkeep plugin and identify the plugin version. If vulnerable versions are detected, they must upgrade to version 1.14.10 or later where the issue is patched. Until patching is possible, organizations should restrict access to the affected endpoints (env-info.php and restore-info.json) via web server configuration or firewall rules, limiting access to trusted IPs or requiring authentication. Regularly auditing backup storage locations to ensure backups are not publicly accessible is critical. Implementing web application firewalls (WAFs) with rules to detect and block requests targeting these endpoints can provide additional protection. Organizations should also monitor logs for unusual access patterns to these endpoints and conduct credential audits to detect potential compromise. Finally, enforcing strong password policies and multi-factor authentication on WordPress admin accounts will reduce the impact of leaked credential hashes.
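The log-monitoring recommendation above can be sketched as follows. This is an added example, not part of the original advisory or the plugin's code. It assumes access logs in Combined Log Format and that backups are served as archive files; the sample lines, IP addresses and directory names are constructed placeholders.

```python
import re
from collections import defaultdict

# Endpoint file names from the advisory, matched by basename because the
# advisory does not give their full paths.
PROBE_FILES = ("env-info.php", "restore-info.json")
# Assumption: backups are archive files served under wp-content/uploads/.
ARCHIVE_RE = re.compile(r"/wp-content/uploads/.+\.(zip|tar|tgz|gz|sql)$", re.I)
# Combined Log Format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) '
)

def analyze(lines):
    """Map client IP -> successful endpoint reads and later archive fetches.

    Lines must be in chronological order, as access logs normally are.
    """
    hits = defaultdict(lambda: {"probes": [], "downloads": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # unparsable line, or the request was denied / not found
        path = m["path"].split("?", 1)[0]
        if path.rsplit("/", 1)[-1].lower() in PROBE_FILES:
            hits[m["ip"]]["probes"].append(path)
        elif ARCHIVE_RE.search(path) and hits[m["ip"]]["probes"]:
            # Archive fetched by a client that already read the metadata.
            hits[m["ip"]]["downloads"].append(path)
    return {ip: rec for ip, rec in hits.items() if rec["probes"]}

# Constructed sample lines: documentation-range IPs, placeholder directories.
P = "/wp-content/plugins/EXAMPLE-PLUGIN-DIR"
SAMPLE_LOG = [
    f'203.0.113.7 - - [09/Jul/2025:02:10:01 +0000] "GET {P}/env-info.php HTTP/1.1" 200 5120 "-" "curl/8.0"',
    f'203.0.113.7 - - [09/Jul/2025:02:10:03 +0000] "GET {P}/restore-info.json HTTP/1.1" 200 310 "-" "curl/8.0"',
    '203.0.113.7 - - [09/Jul/2025:02:10:09 +0000] "GET /wp-content/uploads/EXAMPLE-BACKUP-DIR/example-backup.zip HTTP/1.1" 200 48211004 "-" "curl/8.0"',
    f'198.51.100.4 - - [09/Jul/2025:02:11:00 +0000] "GET {P}/restore-info.json HTTP/1.1" 403 153 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [09/Jul/2025:02:12:00 +0000] "GET /wp-content/uploads/2025/07/photo.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, rec in analyze(SAMPLE_LOG).items():
        level = "backup downloaded" if rec["downloads"] else "endpoint read"
        print(ip, level, rec)
```

A client that received a 403 on the endpoints does not appear in the result, so the same script confirms that an interim access restriction is taking effect.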

Technical Details

Data Version: 5.1
Assigner Short Name: VulnCheck
Date Reserved: 2025-04-15T19:15:22.551Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 686dc4ce6f40f0eb72fd1887

Added to database: 7/9/2025, 1:24:30 AM

Last enriched: 7/9/2025, 1:39:44 AM

Last updated: 7/9/2025, 5:15:27 AM
