PT-2025-41630 · WordPress · Everest Backup

Carl Pearson · Published 2025-10-11 · Updated 2026-01-19 · CVE-2025-11380

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin versions prior to 2.3.6

Description

The Everest Backup plugin for WordPress allows unauthorized access to data due to a missing capability check on the everest process status AJAX action. This allows unauthenticated attackers to retrieve back-up file locations, which can then be accessed and downloaded. This requires a back-up to be running in order for an attacker to retrieve the back-up location.

Recommendations

Update to version 2.3.6 or later.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-11380

Affected Products

Everest Backup
WordPress