{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-2257", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-03-12T17:02:11.164Z", "datePublished": "2025-03-26T08:21:49.944Z", "dateUpdated": "2026-04-08T16:40:53.250Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:40:53.250Z"}, "affected": [{"vendor": "boldgrid", "product": "Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate by BoldGrid", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.16.10", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. This is due to the plugin using the compression_level setting in proc_open() without any validation. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server."}], "title": "Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.10 - Authenticated (Admin+) Command Injection", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec3cc3e-c11b-43b6-9dd0-caa5ccfb90c8?source=cve"}, {"url": "https://plugins.svn.wordpress.org/boldgrid-backup/tags/1.16.7/admin/compressor/class-boldgrid-backup-admin-compressor-system-zip.php"}, {"url": "https://github.com/BoldGrid/boldgrid-backup/pull/622/files"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3257988%40boldgrid-backup&new=3257988%40boldgrid-backup&sfp_email=&sfph_mail=#file9"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "cweId": "CWE-78", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Dzmitry Sviatlichny"}], "timeline": [{"time": "2025-03-25T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-26T14:19:57.488488Z", "id": "CVE-2025-2257", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-26T14:22:06.539Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2257", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-26T14:19:57.488488Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-26T14:21:06.268Z"}}], "cna": {"title": "Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.10 - Authenticated (Admin+) Command Injection", "credits": [{"lang": "en", "type": "finder", "value": "Dzmitry Sviatlichny"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "boldgrid", "product": "Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate by BoldGrid", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.16.10"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-25T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec3cc3e-c11b-43b6-9dd0-caa5ccfb90c8?source=cve"}, {"url": "https://plugins.svn.wordpress.org/boldgrid-backup/tags/1.16.7/admin/compressor/class-boldgrid-backup-admin-compressor-system-zip.php"}, {"url": "https://github.com/BoldGrid/boldgrid-backup/pull/622/files"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3257988%40boldgrid-backup&new=3257988%40boldgrid-backup&sfp_email=&sfph_mail=#file9"}], "descriptions": [{"lang": "en", "value": "The Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. This is due to the plugin using the compression_level setting in proc_open() without any validation. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-03-26T08:21:49.944Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2257", "state": "PUBLISHED", "dateUpdated": "2025-03-26T14:22:06.539Z", "dateReserved": "2025-03-12T17:02:11.164Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-26T08:21:49.944Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:boldgrid:total_upkeep:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D379305B-4F5A-42B8-B5A7-5492FA2C9957", "versionEndExcluding": "1.17.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. This is due to the plugin using the compression_level setting in proc_open() without any validation. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server."}, {"lang": "es", "value": "El complemento Total Upkeep \u2013 WordPress Backup Plugin plus Restore &amp; Migrate de BoldGrid para WordPress es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo en todas las versiones hasta la 1.16.10 incluida, a trav\u00e9s de la configuraci\u00f3n compression_level. Esto se debe a que el complemento utiliza la configuraci\u00f3n compression_level en proc_open() sin ninguna validaci\u00f3n. Esto permite que atacantes autenticados, con acceso de administrador o superior, ejecuten c\u00f3digo en el servidor."}], "id": "CVE-2025-2257", "lastModified": "2025-05-22T14:43:29.413", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-03-26T09:15:16.647", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://github.com/BoldGrid/boldgrid-backup/pull/622/files"}, {"source": "security@wordfence.com", "tags": ["Release Notes"], "url": "https://plugins.svn.wordpress.org/boldgrid-backup/tags/1.16.7/admin/compressor/class-boldgrid-backup-admin-compressor-system-zip.php"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3257988%40boldgrid-backup&new=3257988%40boldgrid-backup&sfp_email=&sfph_mail=#file9"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec3cc3e-c11b-43b6-9dd0-caa5ccfb90c8?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T17:41:24.734646+00:00", "value": {"mitigation_remediation": ["Upgrade the Total Upkeep plugin to the latest release (version\u202f\u2265\u202f1.16.11).", "If an immediate upgrade is not feasible, modify the compression component so that the compression_level value is hard\u2011coded to a safe constant or disable the proc_open call entirely, thereby preventing arbitrary command execution.", "Ensure that only trusted administrators have access to edit the plugin files and regularly audit administrator accounts for unauthorized changes."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All releases of the plugin through version 1.16.10 are affected. The vulnerability targets the Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate by BoldGrid, a WordPress plugin available on WordPress.org.", "description_and_impact": "The Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate by BoldGrid accepts a user\u2011supplied compression_level value and passes it directly to PHP\u2019s proc_open without validation, creating a command injection flaw identified as CWE\u201178. An authenticated administrator can supply arbitrary shell commands through this parameter, enabling the attacker to execute code with the privileges of the web server process and potentially compromise the entire site.", "risk_and_exploitability": "The CVSS base score of 7.2 indicates severe impact, while an EPSS score of 2\u2009% suggests that exploitation is possible but not yet widespread. The flaw requires administrator privileges, so an attacker must obtain or compromise an admin account. Although the vulnerability is not yet listed in the CISA KEV catalog, its high potential impact makes it a priority for remediation."}}}}, "created": "2026-04-22T17:45:22.925346+00:00", "updated": "2026-04-22T17:45:22.925365+00:00", "vendors": []}