CVE-2024-10028

HIGH

Everest Backup - WordPress Cloud <2.2.13 - Info Disclosure

Title source: llm

Description

The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. This makes it possible for unauthenticated attackers to obtain an archive file name and download the site's backup.

References (2)

[Patch] https://plugins.trac.wordpress.org/browser/everest-backup/tags/2.2.13/inc/classes/class-backup-directory.php#L514

[Third Party Advisory] https://www.wordfence.com/threat-intel/vulnerabilities/id/9b871957-a2b3-492f-b461-7040d9098b2b?source=cve

Scores

CVSS v3 7.5

EPSS 0.0230

EPSS Percentile 84.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-922

Status published

Products (2)

everestthemes/Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin < 2.2.13

everestthemes/everest_backup < 2.2.14

Published Nov 06, 2024

Tracked Since Feb 18, 2026