PT-2024-15226 · WordPress · Everest Backup

Emad · Published 2024-04-14 · Updated 2025-05-08 · CVE-2023-7201

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

The Everest Backup WordPress plugin, versions prior to 2.2.5

Description

The issue allows high-privilege users, such as admins, to upload arbitrary files to the server even when they should not be allowed to, for example in a multisite setup. This is because the plugin does not properly validate the backup files being uploaded.

Recommendations

For versions prior to 2.2.5, update to version 2.2.5 or later to resolve the issue. As a temporary workaround, consider restricting the upload functionality for high-privilege users until the update is applied.

Related Identifiers

CVE-2023-7201

Affected Products

Everest Backup