Everest Backup WordPress Plugin Missing Authorization Vulnerability Allowing Unauthenticated Data Access

Vulnerability

A missing-authorization vulnerability exists in the Everest Backup WordPress plugin in versions through 2.3.5: the 'everest_process_status' AJAX action lacks a proper capability check. Unauthenticated attackers can use it to obtain backup file locations and then download those files, provided a backup is currently active.

Impact

Exploitation of this vulnerability could lead to unauthorized access and download of backup files, potentially exposing sensitive data.

Remediation

Users are advised to update the Everest Backup WordPress plugin to version 2.3.6 or a later patched version.
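To confirm whether an installation still runs an affected release, the following added example (not code from the plugin or from this advisory) reads the plugin header version and compares it numerically with 2.3.6. It assumes the plugin lives in a directory named `everest-backup` under `wp-content/plugins`; the header text in the demo is constructed.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_SLUG = "everest-backup"  # assumption: plugin directory name
FIXED = (2, 3, 6)               # first patched release, per the advisory

# WordPress takes the version from a "Version:" line in the main file's header comment.
VERSION_RE = re.compile(r"^[ \t/*#]*Version:\s*(\d+(?:\.\d+)*)", re.M | re.I)

def parse_version(text):
    """Return the header version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(n) for n in m.group(1).split(".")) if m else None

def is_vulnerable(version):
    """Numeric compare (so 2.3.10 > 2.3.6); short versions are zero-padded."""
    padded = tuple(version) + (0,) * (len(FIXED) - len(version))
    return padded < FIXED

def audit(plugins_dir):
    """Return (status, version) for the plugin under a wp-content/plugins dir."""
    plugin = Path(plugins_dir) / PLUGIN_SLUG
    if not plugin.is_dir():
        return ("not-installed", None)
    for php in sorted(plugin.glob("*.php")):
        # WordPress only scans the first 8 KB of a file for headers.
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        if "Plugin Name:" not in head:
            continue  # not the plugin's main file
        version = parse_version(head)
        if version:
            status = "vulnerable" if is_vulnerable(version) else "patched"
            return (status, ".".join(map(str, version)))
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample install so the check runs offline.
    with tempfile.TemporaryDirectory() as root:
        plugin = Path(root) / PLUGIN_SLUG
        plugin.mkdir()
        (plugin / "main.php").write_text(
            "<?php\n/**\n * Plugin Name: Everest Backup\n * Version: 2.3.5\n */\n"
        )
        print(audit(root))
```

Point `audit()` at each site's real `wp-content/plugins` path; an `unknown` result means no readable version header was found and the install needs a manual check.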

Added: Oct 11, 2025, 3:17 AM
Updated: Oct 11, 2025, 3:17 AM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 2.5
exploitability: 7.1
remediation: 7.7
relevance: 0.7
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.