cleantalk
Vulnerabilities and Security Researches

Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin, CVE-2025-11380

CVE, Research URL

CVE-2025-11380

Home page URL

Security reports for Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin

Application

Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin

Published on
Oct 11, 2025
Research Description
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'everest_process_status' AJAX action in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to retrieve back-up file locations that can be subsequently accessed and downloaded. This does require a back-up to be running in order for an attacker to retrieve the back-up location.
Affected versions
max 2.3.6.
Status
vulnerable
Previous vulnerability researches
Accordion – Multiple Accordion or FAQs Builder (CVE-2023-25962) , Jun 06, 2024
Accordion – Multiple Accordion or FAQs Builder (CVE-2022-33198) , Jun 06, 2024
Accordion – Multiple Accordion or FAQs Builder (CVE-2022-45082) , Jun 06, 2024
Accordion – Multiple Accordion or FAQs Builder (CVE-2024-37122) , Jun 24, 2024
Accordion – Multiple Accordion or FAQs Builder (CVE-2022-38104) , Jun 06, 2024
New vulnerability
Easy Appointments (CVE-2025-49398) , Nov 11, 2025
Keyy Two Factor Authentication (like Clef) (CVE-2025-10293) , Nov 11, 2025
WP Pipes (CVE-2025-60227) , Nov 11, 2025
Content Writer (CVE-2025-10486) , Nov 11, 2025
oik-privacy-policy (CVE-2025-52743) , Nov 11, 2025