CVE-2025-11380
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-11

Last updated on: 2025-10-14

Assigner: Wordfence

Description
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'everest_process_status' AJAX action in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to retrieve back-up file locations that can be subsequently accessed and downloaded. This does require a back-up to be running in order for an attacker to retrieve the back-up location.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-11
Last Modified
2025-10-14
Generated
2026-06-16
AI Q&A
2025-10-11
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11380
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
everest_backup everest_backup *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability could negatively impact compliance with data protection regulations such as GDPR and HIPAA because unauthorized access to backup files may result in exposure of personal or sensitive data, violating requirements for data confidentiality and security.

Executive Summary

This vulnerability exists in the Everest Backup WordPress plugin (up to version 2.3.5) where a missing capability check on the 'everest_process_status' AJAX action allows unauthenticated attackers to access backup file locations. If a backup is running, attackers can retrieve these locations and potentially download backup files without authorization.

Impact Analysis

The vulnerability can lead to unauthorized disclosure of backup file locations and potentially the backup files themselves. This could expose sensitive data contained in backups to attackers, leading to data breaches or leakage of confidential information.

Detection Guidance

This vulnerability can be detected by checking if the Everest Backup WordPress plugin version is 2.3.5 or earlier, as these versions lack the necessary capability check on the 'everest_process_status' AJAX action. Since the vulnerability involves unauthorized access via an AJAX action, monitoring HTTP requests to the WordPress site for unauthenticated AJAX calls to 'everest_process_status' could help detect exploitation attempts. For example, you can use network monitoring tools or web server logs to look for requests like: curl -I https://yourwordpresssite.com/wp-admin/admin-ajax.php?action=everest_process_status or grep 'everest_process_status' /path/to/access.log. Additionally, checking the installed plugin version via WP-CLI can be done with: wp plugin get everest-backup --field=version. If the version is 2.3.5 or below, the site is vulnerable. [1]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the Everest Backup WordPress plugin to version 2.3.6 or later, as this version includes a comprehensive security update that adds the missing capability check and addresses the vulnerability described in CVE-2025-11380. Until the update is applied, consider restricting access to the AJAX action 'everest_process_status' by implementing firewall rules or access controls to prevent unauthenticated requests. Also, monitor for suspicious activity related to backup file access. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11380. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart