CVE-2023-7201

Published: Apr 15, 2024Modified: May 8, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Exploitability: 1.2 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The Everest Backup WordPress plugin before 2.2.5 does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)

Affected (1)

Products: Everestthemes: Everest Backup

Everestthemes

1 product

Everest Backup

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Everestthemes Everest Backup	Before 2.2.5

References (2)

https://wpscan.com/vulnerability/64ba4461-bbba-45eb-981f-bb5f2e5e56e1/

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/64ba4461-bbba-45eb-981f-bb5f2e5e56e1/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.