CVE-2024-10028

Published: Nov 6, 2024Modified: Nov 8, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: security@wordfence.com (Secondary)

Description

The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. This makes it possible for unauthenticated attackers to obtain an archive file name and download the site's backup.

Affected (1)

Products: Everestthemes: Everest Backup

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Everestthemes Everest Backup	Before 2.2.14

Related CWEs

Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

References (2)

https://plugins.trac.wordpress.org/browser/everest-backup/tags/2.2.13/inc/classes/class-backup-directory.php#L514

Source: security@wordfence.com

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/9b871957-a2b3-492f-b461-7040d9098b2b?source=cve

Source: security@wordfence.com

Third Party Advisory

Timeline

No history available yet.