PT-2024-15985 · WordPress · The Everest Backup – Wordpress Cloud Backup
Floerer
Published: 2024-11-05 · Updated: 2024-11-09
CVE-2024-10028
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin versions up to, and including, 2.2.13
Description
During a backup run the plugin exposes its process stats file to unauthenticated requests. An attacker who reads that file learns the name of the archive being written and can then download the site's backup. The root cause is sensitive information exposure in the plugin.
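The two-step pattern described above (read the exposed stats file, then fetch the archive it names) leaves a recognisable trace in web server access logs. The following detector is an added example, not code from the advisory or the plugin; the stats-file path, backup directory and archive name are placeholders, since the advisory does not name the real locations, and the log lines are constructed.

```python
import re
from datetime import datetime

# Combined log format: ip - - [time] "METHOD path HTTP/x" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# PLACEHOLDER paths: the advisory does not name the real stats file or backup
# directory; replace these with the locations the plugin uses on the affected site.
STATS_PATH = "/wp-content/uploads/PLACEHOLDER-everest-backup/process-stats.json"
BACKUP_DIR = "/wp-content/uploads/PLACEHOLDER-everest-backup/backups/"

def parse(line):
    """Parse one combined-format access log line; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "time": datetime.strptime(m["time"], TIME_FMT),
        "path": m["path"].split("?", 1)[0],   # drop any query string
        "status": int(m["status"]),
    }

def find_backup_exfil(lines, window_seconds=1800):
    """Return (ip, archive_path) pairs where a client successfully read the stats file
    and then, within window_seconds, successfully fetched a file from the backup directory."""
    stats_reads = {}   # ip -> time of the most recent successful stats-file read
    hits = []
    for rec in filter(None, map(parse, lines)):
        if rec["status"] != 200:
            continue                      # failed or blocked requests are not exfiltration
        if rec["path"] == STATS_PATH:
            stats_reads[rec["ip"]] = rec["time"]
        elif rec["path"].startswith(BACKUP_DIR):
            seen = stats_reads.get(rec["ip"])
            if seen is not None and (rec["time"] - seen).total_seconds() <= window_seconds:
                hits.append((rec["ip"], rec["path"]))
    return hits

# Constructed sample log (not from the advisory): 198.51.100.7 reads the stats file and
# then pulls the archive it learned about; 203.0.113.5 is refused the same archive.
SAMPLE_LOG = [
    '198.51.100.7 - - [05/Nov/2024:10:00:01 +0000] "GET /wp-content/uploads/PLACEHOLDER-everest-backup/process-stats.json HTTP/1.1" 200 512 "-" "curl/8.4.0"',
    '203.0.113.5 - - [05/Nov/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 10240 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Nov/2024:10:00:09 +0000] "GET /wp-content/uploads/PLACEHOLDER-everest-backup/backups/site-20241105-100000.zip HTTP/1.1" 200 73400320 "-" "curl/8.4.0"',
    '203.0.113.5 - - [05/Nov/2024:10:00:15 +0000] "GET /wp-content/uploads/PLACEHOLDER-everest-backup/backups/site-20241105-100000.zip HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, path in find_backup_exfil(SAMPLE_LOG):
        print(f"possible backup exfiltration: {ip} fetched {path} after reading the stats file")
```

A stats-file read alone is already worth alerting on, since no unauthenticated client has a legitimate reason to request it.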
Recommendations
For versions up to, and including, 2.2.13, update the plugin to the latest patched version to mitigate the risk of sensitive information exposure. As a temporary workaround, consider restricting access to the backup process to minimize the risk of exploitation.
Fix
Insecure Storage of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
The Everest Backup – Wordpress Cloud Backup