CVE-2026-3143
MEDIUM
5.3
Our Analysis: General Purpose
Our model has classified this vulnerability as relevant to General Purpose Systems, helping your team prioritize efforts effectively.
Published Date
May 1, 2026
Last Modified
May 1, 2026
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Description
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_cli_cancel' function in all versions up to, and including, 1.17.1. This makes it possible for unauthenticated attackers to cancel a pending rollback, potentially preventing a WordPress installation from automatically reverting a failed update.