PT-2026-36323 · Boldgrid · Total Upkeep

Nabil Irawan · Published 2026-05-01 · Updated 2026-05-07 · CVE-2026-3143

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid versions prior to 1.17.2

Description

The plugin is susceptible to unauthorized data modification because the wp_ajax_cli_cancel() function lacks a proper capability check. This allows unauthenticated attackers to cancel a pending rollback, which may prevent a WordPress installation from automatically reverting a failed update.

Recommendations

Update to a version later than 1.17.1. As a temporary workaround, restrict access to the wp_ajax_cli_cancel() function until the update is applied.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-3143

Affected Products

Total Upkeep