Sensitive Data: WordPress Total Upkeep Database and Files Backup Download¶

Identifier: wordpress_total_upkeep_backup_download

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

WordPress Total Upkeep plugin exposes sensitive backup files, allowing attackers to download database and file backups containing sensitive information.

How we test: We test for exposed backup files in WordPress Total Upkeep by attempting to access backup download endpoints and analyzing responses to detect if database and file backups are accessible without proper authorization.

Reference:

https://www.exploit-db.com/exploits/49252

Configuration¶

Example¶

Example configuration:

---
security_tests:
  wordpress_total_upkeep_backup_download:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.