WordPress Plugin Vulnerabilities

Everest Backup < 2.2.14 - Unauthenticated Backup Download

Description

The plugin is vulnerable to Sensitive Information Exposure via the exposed process stats file during the backup process. This makes it possible for unauthenticated attackers to obtain an archive file name and download the site's backup.

Affects Plugins

Plugin icon
everest-backup
Fixed in 2.2.14

References

CVE
CVE-2024-10028
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/9b871957-a2b3-492f-b461-7040d9098b2b

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
7.5 (high)

Miscellaneous

Original Researcher
floerer
Verified
No
WPVDB ID
8194e556-a043-414d-b263-6cd7fd364f29

Timeline

Publicly Published
2024-11-05 (about 1 year ago)
Added
2024-11-05 (about 1 year ago)
Last Updated
2024-11-05 (about 1 year ago)

Other

Published
Title
Published
2025-02-13
Title
Return Refund and Exchange For WooCommerce < 4.4.6 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
Published
2024-02-26
Title
Tainacan < 0.20.7 - Unauthenticated Sensitive Information Exposure
Published
2026-02-03
Title
Chapa Payment Gateway Plugin for WooCommerce <= 1.0.3 - Unauthenticated Sensitive Information Exposure
Published
2024-07-04
Title
Simple Job Board < 2.12.6 - Unauthenticated Resumes Download
Published
2026-01-27
Title
WP Adminify < 4.0.7.8 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API