CVE-2024-10028— Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.2.13 - Sensitive Invormation Disclosure via procstat Log
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-10028
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.2.13 - Sensitive Invormation Disclosure via procstat Log
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. This makes it possible for unauthenticated attackers to obtain an archive file name and download the site's backup.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
敏感信息的不安全存储
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress plugin Everest Backup 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Everest Backup 2.2.13版本及之前版本存在安全漏洞,该漏洞源于包含一个敏感信息泄露漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| everestthemes | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin | * ~ 2.2.13 | - |
II. Public POCs for CVE-2024-10028
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-10028
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: everestthemes
- CVE-2025-62992
WordPress Everest Backup plugin <= 2.3.11 - Cross Site Reque - CVE-2025-10304
Everest Backup – WordPress Cloud Backup, Migration, Restore - CVE-2025-62946
WordPress Everest Backup plugin <= 2.3.8 - Broken Access Con - CVE-2025-11380
Everest Backup <= 2.3.5 - Missing Authorization to Unauthent - CVE-2025-49238
WordPress Everest Backup plugin <= 2.3.3 - Cross Site Reques
Same weakness: CWE-922
- CVE-2026-40868
kyverno apicall servicecall implicit bearer token injection - CVE-2026-26152
Microsoft Cryptographic Services Elevation of Privilege Vuln - CVE-2026-5666
code-projects Online FIR System SQL Database Backup File com - CVE-2026-5650
code-projects Online Application System for Admission oas.sq - CVE-2025-10734
ReviewX – WooCommerce Product Reviews with Multi-Criteria, R
V. Comments for CVE-2024-10028
No comments yet