CVE-2025-11380
BaseFortify
Publication date: 2025-10-11
Last updated on: 2025-10-14
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| everest_backup | everest_backup | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability could negatively impact compliance with data protection regulations such as GDPR and HIPAA because unauthorized access to backup files may result in exposure of personal or sensitive data, violating requirements for data confidentiality and security.
Can you explain this vulnerability to me?
This vulnerability exists in the Everest Backup WordPress plugin (up to version 2.3.5) where a missing capability check on the 'everest_process_status' AJAX action allows unauthenticated attackers to access backup file locations. If a backup is running, attackers can retrieve these locations and potentially download backup files without authorization.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of backup file locations and potentially the backup files themselves. This could expose sensitive data contained in backups to attackers, leading to data breaches or leakage of confidential information.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the Everest Backup WordPress plugin version is 2.3.5 or earlier, as these versions lack the necessary capability check on the 'everest_process_status' AJAX action. Since the vulnerability involves unauthorized access via an AJAX action, monitoring HTTP requests to the WordPress site for unauthenticated AJAX calls to 'everest_process_status' could help detect exploitation attempts. For example, you can use network monitoring tools or web server logs to look for requests like: curl -I https://yourwordpresssite.com/wp-admin/admin-ajax.php?action=everest_process_status or grep 'everest_process_status' /path/to/access.log. Additionally, checking the installed plugin version via WP-CLI can be done with: wp plugin get everest-backup --field=version. If the version is 2.3.5 or below, the site is vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the Everest Backup WordPress plugin to version 2.3.6 or later, as this version includes a comprehensive security update that adds the missing capability check and addresses the vulnerability described in CVE-2025-11380. Until the update is applied, consider restricting access to the AJAX action 'everest_process_status' by implementing firewall rules or access controls to prevent unauthenticated requests. Also, monitor for suspicious activity related to backup file access. [1]