Everestthemes — Vulnerabilities & Security Advisories (8)

Browse all 8 CVE security advisories affecting Everestthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Everestthemes develops WordPress themes and plugins for website building, with a history of security vulnerabilities including 8 CVEs. Common issues include remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. The company's products have faced repeated security incidents, with vulnerabilities allowing attackers to execute arbitrary code, steal sensitive data, or compromise entire websites. Despite patches for reported issues, the pattern of similar vulnerabilities across their product line suggests systemic security weaknesses in development practices, posing ongoing risks to users who implement their themes and plugins without proper hardening.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-62992 | WordPress Everest Backup plugin <= 2.3.11 - Cross Site Request Forgery (CSRF) vulnerability | Everest Backup | CWE-352 | 6.5 | Medium | 2025-12-31 |
| CVE-2025-10304 | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 - Missing Authorization to Unauthenticated Backup Failure | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin | CWE-862 | 5.3 | Medium | 2025-12-03 |
| CVE-2025-62946 | WordPress Everest Backup plugin <= 2.3.8 - Broken Access Control vulnerability | Everest Backup | CWE-862 | 5.3 | Medium | 2025-10-27 |
| CVE-2025-11380 | Everest Backup <= 2.3.5 - Missing Authorization to Unauthenticated Information Exposure | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin | CWE-862 | 5.9 | Medium | 2025-10-11 |
| CVE-2025-49238 | WordPress Everest Backup plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability | Everest Backup | CWE-352 | 4.3 | Medium | 2025-06-06 |
| CVE-2025-39360 | WordPress Grace Mag theme <= 1.1.5 - Local File Inclusion vulnerability | Grace Mag | CWE-98 | 7.5 | High | 2025-04-24 |
| CVE-2024-10028 | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.2.13 - Sensitive Information Disclosure via procstat Log | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin | CWE-922 | 7.5 | High | 2024-11-05 |
| CVE-2023-52185 | WordPress Everest Backup Plugin <= 2.1.9 is vulnerable to Sensitive Data Exposure | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin | CWE-200 | 5.3 | Medium | 2023-12-31 |

This page lists every published CVE security advisory associated with Everestthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.