
    CVE-2020-36848 – BoldGrid WordPress Backup Plugin Sensitive Information Exposure

    July 12, 2025

    CVE ID : CVE-2020-36848

    Published : July 12, 2025, 12:15 p.m.

    Description : The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to find the location of back-up files and subsequently download them.

    Severity: 7.5 | HIGH
