Home

Description

The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the process_backup_batch() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download directories outside of the webroot and write backup zip files to arbitrary locations.

PUBLISHED Reserved 2025-09-11 | Published 2025-10-03 | Updated 2025-10-03 | Assigner Wordfence




LOW: 3.8CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Problem types

CWE-73 External Control of File Name or Path

Product status

Default status
unaffected

*
affected

Timeline

2025-10-02:Disclosed

Credits

Jonas Benjamin Friedli finder

References

www.wordfence.com/...-a021-407a-9882-2c8435849c08?source=cve

wordpress.org/plugins/backup-bolt/

cve.org (CVE-2025-10306)

nvd.nist.gov (CVE-2025-10306)

Download JSON