What the vulnerability does
01 Description
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'everest_process_status' AJAX action in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to retrieve back-up file locations that can be subsequently accessed and downloaded. This does require a back-up to be running in order for an attacker to retrieve the back-up location.
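The missing check described above is a common WordPress AJAX mistake: a handler is hooked to both `wp_ajax_*` and `wp_ajax_nopriv_*` and returns internal state (here, the location of a backup file) without ever asking who is calling. The following is an added illustration written for this page, not the Everest Backup plugin's code; only the action name `everest_process_status` comes from the advisory, and the function names, the option key and the response fields are hypothetical. It shows the vulnerable pattern beside a hardened version that requires an administrator capability and a nonce, and that stops returning the file path altogether.

```php
<?php
// Added illustration, not the Everest Backup plugin's code. Function names,
// the 'example_backup_status' option and the response fields are hypothetical;
// only the action name 'everest_process_status' is taken from the advisory.

// BEFORE (vulnerable pattern): reachable by anyone because it was hooked to
// wp_ajax_nopriv_* and performed no capability or nonce check, so any HTTP
// client could learn where the in-progress backup file lives.
function example_process_status_unchecked() {
    $status = get_option( 'example_backup_status', array() ); // hypothetical option
    wp_send_json_success( $status ); // leaks e.g. $status['file_path'] to the caller
}
// was:
// add_action( 'wp_ajax_everest_process_status',        'example_process_status_unchecked' );
// add_action( 'wp_ajax_nopriv_everest_process_status', 'example_process_status_unchecked' );

// AFTER (hardened): only a logged-in user with the manage_options capability
// and a valid nonce may poll the status, and the reply carries progress only.
function example_process_status_checked() {
    // Capability check: taking and locating backups is an administrator-level task.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 ); // exits
    }

    // Nonce check: stops a logged-in admin's browser being driven by another site.
    // check_ajax_referer() dies with a 403 when the nonce is missing or invalid.
    check_ajax_referer( 'example_backup_status_nonce', 'nonce' );

    $status = get_option( 'example_backup_status', array() ); // hypothetical option

    // Return only what the UI needs; never the on-disk path of the archive.
    wp_send_json_success( array(
        'state'    => isset( $status['state'] ) ? (string) $status['state'] : 'idle',
        'progress' => isset( $status['progress'] ) ? (int) $status['progress'] : 0,
    ) );
}
// Registered for authenticated requests only: no wp_ajax_nopriv_* hook, so an
// unauthenticated request to admin-ajax.php never reaches the handler.
add_action( 'wp_ajax_everest_process_status', 'example_process_status_checked' );
```

The admin page that polls this endpoint would emit the nonce with `wp_create_nonce( 'example_backup_status_nonce' )` and send it as the `nonce` request parameter. Two points worth noting when reviewing a plugin for the same class of bug: the `nopriv` registration is what turns a missing capability check into an unauthenticated issue, and even for authorized callers the response should not include the backup path, since that path is the only thing an attacker needs once the archive sits in a web-readable directory.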
Explanation of Vulnerability in Simple Terms
02 Summary
The Everest Backup plugin for WordPress does not properly check user permissions before allowing access to sensitive backup operations. An attacker on the network can read backup data without authentication, potentially exposing site content, database information, and configuration details. Sites running version 2.3.5 or earlier are affected.
What an attacker can do
03 Attacker Capabilities
Read backup files and sensitive site data without logging in.
Potential impact on your site
04 Site Impact
Attackers can access backups containing your database, files, and configuration without a password.
Conditions required to exploit
05 Prerequisites
Network access to the WordPress site; no authentication or user interaction required.
Key dates
06 Disclosure timeline
October 11, 2025: CVE published
April 8, 2026: Record updated