CVE-2025-2257

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
26/03/2025
Last modified:
22/05/2025

Description

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. This is due to the plugin using the compression_level setting in proc_open() without any validation. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:boldgrid:total_upkeep:*:*:*:*:*:wordpress:*:* 1.17.0 (excluding)