cleantalk
Vulnerabilities and Security Researches

Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin, CVE-2025-11380

CVE, Research URL

CVE-2025-11380

Home page URL

Security reports for Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin

Application

Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin

Published on
Oct 11, 2025
Research Description
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'everest_process_status' AJAX action in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to retrieve back-up file locations that can be subsequently accessed and downloaded. This does require a back-up to be running in order for an attacker to retrieve the back-up location.
Affected versions
max 2.3.6.
Status
vulnerable
Previous vulnerability researches
Admin SMS Alert (CVE-2024-51637) , Nov 05, 2024
SMS Alert Order Notifications – WooCommerce (CVE-2024-11725) , Jan 08, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3878) , May 11, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3876) , May 11, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2024-1489) , Jun 07, 2024
New vulnerability
YOP Poll (CVE-2025-62040) , Nov 11, 2025
Insert Headers and Footers Code – HT Script (CVE-2025-12112) , Nov 11, 2025
Easy Appointments (CVE-2025-49398) , Nov 11, 2025
Keyy Two Factor Authentication (like Clef) (CVE-2025-10293) , Nov 11, 2025
WP Pipes (CVE-2025-60227) , Nov 11, 2025