cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches foreverest-backup everest-backup

Direction: ascending
Jun 07, 2024

Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin # f8d02775428e8ca895e9b0fe1b5f57146e965e68

CVE, Research URL

f8d02775428e8ca895e9b0fe1b5f57146e965e68

Home page URL

Security reports for Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin

Application

Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin

Date
-
Research Description
Everest Backup &#8211; WordPress Cloud Backup, Migration, Restore &amp; Cloning Plugin [everest-backup] < 1.0.8 Everest Backup &lt;= 1.0.7 - Missing Authorization Checks on Backup Exports The Everest Backup plugin for WordPress is vulnerable to backup export disclosure in versions up to, and including, 1.0.7. This is due to insufficient access controls on the everest_backup_get_ajax_response() function. This makes it possible for authenticated attackers to reveal sensitive information about back-ups created by the plugin.
Affected versions
max 1.0.8.
Status
vulnerable

Everest Backup &#8211; WordPress Cloud Backup, Migration, Restore &amp; Cloning Plugin # CVE-2023-52185

CVE, Research URL

CVE-2023-52185

Home page URL

Security reports for Everest Backup &#8211; WordPress Cloud Backup, Migration, Restore &amp; Cloning Plugin

Application

Everest Backup &#8211; WordPress Cloud Backup, Migration, Restore &amp; Cloning Plugin

Date
Dec 31, 2023
Research Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin.This issue affects Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin: from n/a through 2.1.9.
Affected versions
max 2.2.0.
Status
vulnerable

Everest Backup &#8211; WordPress Cloud Backup, Migration, Restore &amp; Cloning Plugin # CVE-2023-7201

CVE, Research URL

CVE-2023-7201

Home page URL

Security reports for Everest Backup &#8211; WordPress Cloud Backup, Migration, Restore &amp; Cloning Plugin

Application

Everest Backup &#8211; WordPress Cloud Backup, Migration, Restore &amp; Cloning Plugin

Date
Apr 15, 2024
Research Description
The Everest Backup WordPress plugin before 2.2.5 does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
Affected versions
max 2.2.5.
Status
vulnerable
Nov 07, 2024

Everest Backup &#8211; WordPress Cloud Backup, Migration, Restore &amp; Cloning Plugin # CVE-2024-10028

CVE, Research URL

CVE-2024-10028

Home page URL

Security reports for Everest Backup &#8211; WordPress Cloud Backup, Migration, Restore &amp; Cloning Plugin

Application

Everest Backup &#8211; WordPress Cloud Backup, Migration, Restore &amp; Cloning Plugin

Date
Nov 06, 2024
Research Description
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. This makes it possible for unauthenticated attackers to obtain an archive file name and download the site's backup.
Affected versions
max 2.2.14.
Status
vulnerable
Nov 11, 2025

Everest Backup &#8211; WordPress Cloud Backup, Migration, Restore &amp; Cloning Plugin # CVE-2025-62946

CVE, Research URL

CVE-2025-62946

Home page URL

Security reports for Everest Backup &#8211; WordPress Cloud Backup, Migration, Restore &amp; Cloning Plugin

Application

Everest Backup &#8211; WordPress Cloud Backup, Migration, Restore &amp; Cloning Plugin

Date
Oct 27, 2025
Research Description
Missing Authorization vulnerability in everestthemes Everest Backup everest-backup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Everest Backup: from n/a through <= 2.3.8.
Affected versions
max 2.3.8.
Status
vulnerable

Everest Backup &#8211; WordPress Cloud Backup, Migration, Restore &amp; Cloning Plugin # CVE-2025-11380

CVE, Research URL

CVE-2025-11380

Home page URL

Security reports for Everest Backup &#8211; WordPress Cloud Backup, Migration, Restore &amp; Cloning Plugin

Application

Everest Backup &#8211; WordPress Cloud Backup, Migration, Restore &amp; Cloning Plugin

Date
Oct 11, 2025
Research Description
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'everest_process_status' AJAX action in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to retrieve back-up file locations that can be subsequently accessed and downloaded. This does require a back-up to be running in order for an attacker to retrieve the back-up location.
Affected versions
max 2.3.6.
Status
vulnerable