CVE-2024-10028
Last modified
CVE-2024-10028 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. This makes it possible for unauthenticated attackers to obtain an archive file name and download the site's backup. EPSS estimates a 0.45% chance of exploitation in the next 30 days.
Description
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. This makes it possible for unauthenticated attackers to obtain an archive file name and download the site's backup.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Everestthemes | Everest Backup | < 2.2.14 |
References
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
