CVE-2025-10306 - Vulnerability Details

- Backup Bolt <= 1.4.1 - Authenticated (Admin+) Arbitrary File Download

Description

The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the process_backup_batch() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download directories outside of the webroot and write backup zip files to arbitrary locations.

Published: 2025-10-03

Score: 3.8 Low

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Backup Bolt plugin for WordPress contains a flaw in the process_backup_batch() function that lets an authenticated user with Administrator rights download files from outside the web root and write backup zip archives to arbitrary paths. This enables disclosure of sensitive files and uncontrolled storage of potentially malicious archives, exposing both confidentiality and integrity of the application and underlying server. The weakness is identified as CWE-73.

Affected Systems

All WordPress sites running Backup Bolt version 1.4.1 or earlier are affected. The vulnerability applies to any installation where the plugin is activated and administrative access is available.

Risk and Exploitability

The measured CVSS score of 3.8 indicates low overall severity, and the EPSS score of less than 1% suggests a very low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Exploit requires authenticated Administrator-level access, and the attacker can use the backup functionality to specify arbitrary file paths, making the attack vector likely to involve an insider or compromised administrator account rather than external traffic.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

backupbolt

Backup Bolt

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.4.1

No data.

Vendor	Product	Confidence	Versions
Backupbolt	Backup Bolt	—	—
Wordpress	Wordpress	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update Backup Bolt to a version newer than 1.4.1 once available
Restrict administrator privileges to trusted users and enforce least privilege
Disable or restrict the backup functionality for non-essential accounts

Generated by OpenCVE AI on April 22, 2026 at 13:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-32271	The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the process_backup_batch() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download directories outside of the webroot and write backup zip files to arbitrary locations.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00035.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3373151%40backup-bolt&new=3373151%40backup-bolt&sfp_email=&sfph_mail=
https://wordpress.org/plugins/backup-bolt/
https://www.wordfence.com/threat-intel/vulnerabilities/id/63f38644-a021-407a-9882-2c8435849c08?source=cve

History

Wed, 08 Apr 2026 17:45:00 +0000

Type	Values Removed	Values Added
References		https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3373151%40backup-bolt&new=3373151%40backup-bolt&sfp_email=&sfph_mail=

Mon, 06 Oct 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Backupbolt Backupbolt backup Bolt Wordpress Wordpress wordpress
Vendors & Products		Backupbolt Backupbolt backup Bolt Wordpress Wordpress wordpress

Fri, 03 Oct 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 03 Oct 2025 11:30:00 +0000

Type	Values Removed	Values Added
Description		The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the process_backup_batch() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download directories outside of the webroot and write backup zip files to arbitrary locations.
Title		Backup Bolt <= 1.4.1 - Authenticated (Admin+) Arbitrary File Download
Weaknesses		CWE-73
References		https://wordpress.org/plugins/backup-bolt/ https://www.wordfence.com/threat-intel/vulnerabilities/id/63f38644-a021-407a-9882-2c8435849c08?source=cve
Metrics		cvssV3_1 `{'score': 3.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N'}`

Subscriptions

Backupbolt Backup Bolt

Wordpress Wordpress

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2025-10-03T11:17:13.538Z

Updated: 2026-04-08T16:57:27.068Z

Reserved: 2025-09-11T22:18:40.873Z

Link: CVE-2025-10306

Vulnrichment

Updated: 2025-10-03T18:11:39.591Z

NVD

Status : Deferred

Published: 2025-10-03T12:15:42.457

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-10306

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T13:30:17Z

Weaknesses

CWE-73

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object