CVE-2024-13907

Name of the Vulnerable Software and Affected Versions The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid versions prior to 1.16.9

Description The issue allows authenticated attackers with Administrator-level access and above to make web requests to arbitrary locations originating from the web application. This can be used to query and modify information from internal services via the download function.

Recommendations For versions prior to 1.16.9, update to version 1.16.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the download function to minimize the risk of exploitation.