CVE-2025-62992
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Description
Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Everest Backup everest-backup allows Path Traversal. This issue affects Everest Backup: from n/a through <= 2.3.11.
Analysis
Cross-Site Request Forgery (CSRF) in Everest Backup WordPress plugin versions ≤2.3.11 lets an unauthenticated attacker who induces an authenticated user to submit a crafted request manipulate backup file paths via path traversal, potentially exposing sensitive files or altering backup integrity. The vulnerability requires user interaction (CVSS UI:R) and carries no authentication requirement for the attacker (PR:N), so it is remotely exploitable through social engineering. An EPSS probability of 0.01% (1st percentile) indicates minimal observed exploitation activity in the wild, and no public exploit had been identified at the time of analysis. Although the CVSS 8.1 score reflects high confidentiality and integrity impact, real-world risk remains moderate given the user-interaction dependency and the absence of active exploitation indicators.
Technical Context
This vulnerability combines two weakness classes: CWE-352 (Cross-Site Request Forgery) as the attack vector and path traversal as the exploited functionality. The Everest Backup plugin for WordPress (CPE 2.3:a:everestthemes:everest_backup) fails to implement adequate CSRF token validation on backup file operations, allowing an attacker to craft requests that manipulate file path parameters. Combined with insufficient input sanitization of path traversal sequences (../, absolute paths), this means an authenticated user's browser can be made to issue requests that access or manipulate files outside the intended backup directories. WordPress plugins handling file operations are particularly susceptible when anti-CSRF protections (nonces) are missing or improperly validated on state-changing actions. The network attack vector (AV:N) indicates exploitation occurs through standard web requests without requiring local system access.
Affected Products
The vulnerability affects the Everest Backup plugin for WordPress, maintained by everestthemes, in all versions from the earliest release through version 2.3.11 inclusive (CPE 2.3:a:everestthemes:everest_backup:*:*:*:*:*:wordpress:*:* with version constraint ≤2.3.11). The Patchstack advisory references version 2.3.9 specifically in its database entry URL, suggesting the vulnerability was initially identified in that version and confirmed to persist through subsequent releases up to 2.3.11. WordPress administrators running any Everest Backup plugin version at or below 2.3.11 should consider their installations vulnerable to CSRF-based path traversal attacks targeting backup file operations. The complete vendor advisory is available at https://patchstack.com/database/Wordpress/Plugin/everest-backup/vulnerability/wordpress-everest-backup-plugin-2-3-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve.
Remediation
WordPress administrators should immediately upgrade Everest Backup to the latest patched version exceeding 2.3.11, though the exact fixed version number is not confirmed from available data. Check the WordPress plugin repository or everestthemes vendor channels for current release status. Until the patch is applied, implement workarounds including restricting administrative access to trusted networks only, enabling Web Application Firewall (WAF) rules to detect CSRF attacks and path traversal patterns in backup-related requests, and educating administrative users to avoid clicking untrusted links while authenticated to WordPress. Review existing backup file locations for unauthorized access attempts or unexpected file modifications. Consider temporarily disabling the Everest Backup plugin if it is not actively required until the patch is confirmed. Monitor the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/everest-backup/vulnerability/wordpress-everest-backup-plugin-2-3-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve for updated remediation guidance and confirmed patched version numbers.
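The following is an added example, not code from Everest Backup or from this advisory. It illustrates the three defensive pieces the Technical Context and Remediation sections describe: containing a user-supplied backup file name inside the backup directory (rejecting ../ sequences and absolute paths), binding a request token to the session and the specific action (the role WordPress nonces play on state-changing requests), and triaging web-server access logs for traversal patterns in plugin-related requests, which is the kind of match a WAF rule would make. The backup directory, the secret, the everest_backup_* AJAX action names and the log lines are all constructed for illustration; only the plugin slug everest-backup comes from the advisory.

```python
"""Defensive checks for the two halves of the advisory (constructed example, not
Everest Backup's code). Every path, secret, action name and log line below is
made up for illustration."""
import hashlib
import hmac
import posixpath
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Hypothetical backup directory; the plugin's real layout is not documented here.
BACKUP_DIR = "/var/www/html/wp-content/backups"


def resolve_backup_path(base_dir: str, user_supplied: str) -> Optional[str]:
    """Return the absolute path of a backup file inside base_dir, or None when the
    supplied name escapes it via '../' sequences or an absolute path. Normalisation
    is done on the string (posixpath) so the check works without touching disk."""
    decoded = unquote(user_supplied)
    if decoded.startswith("/") or "\\" in decoded or "\x00" in decoded:
        return None
    candidate = posixpath.normpath(posixpath.join(base_dir, decoded))
    # Containment: the result must sit strictly below base_dir. The trailing slash
    # stops a sibling such as base_dir + "-old" from passing a plain prefix test.
    if not candidate.startswith(base_dir.rstrip("/") + "/"):
        return None
    return candidate


def make_action_token(secret: bytes, session_id: str, action: str) -> str:
    """Derive a request token bound to the session and to one action, the role that
    WordPress nonces play on state-changing requests. A cross-site page cannot
    read it, so a forged request arrives without a valid one."""
    msg = f"{session_id}|{action}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:20]


def verify_action_token(secret: bytes, session_id: str, action: str, presented: str) -> bool:
    """Constant-time comparison against the token expected for this session/action."""
    expected = make_action_token(secret, session_id, action)
    return hmac.compare_digest(expected, presented)


# Traversal markers a WAF rule would look for: plain, backslash and URL-encoded forms.
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\|\.\.%2f|%2e%2e/|%2e%2e%2f)", re.IGNORECASE)
# Requests that touch the plugin. The page slug 'everest-backup' is from the advisory;
# the 'everest_backup_*' AJAX action names in the sample log are hypothetical.
BACKUP_REQUEST_RE = re.compile(r"everest[-_]backup", re.IGNORECASE)
REQUEST_LINE_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def flag_suspicious_requests(log_lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_number, decoded_target) for plugin-related requests whose target
    carries a traversal pattern in raw or URL-decoded form."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_LINE_RE.search(line)
        if not m:
            continue
        target = m.group(1)
        if not BACKUP_REQUEST_RE.search(target):
            continue
        if TRAVERSAL_RE.search(target) or TRAVERSAL_RE.search(unquote(target)):
            hits.append((n, unquote(target)))
    return hits


# Constructed access-log lines (Combined Log Format, trimmed), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Nov/2025:10:00:01 +0000] "GET /wp-admin/admin.php?page=everest-backup HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Nov/2025:10:00:07 +0000] "GET /wp-admin/admin-ajax.php?action=everest_backup_download&file=site-backup.zip HTTP/1.1" 200 9123',
    '198.51.100.9 - - [10/Nov/2025:10:01:13 +0000] "GET /wp-admin/admin-ajax.php?action=everest_backup_download&file=..%2F..%2Fwp-config.php HTTP/1.1" 403 0',
    '198.51.100.9 - - [10/Nov/2025:10:01:20 +0000] "POST /wp-admin/admin-ajax.php?action=everest_backup_remove&file=../../.htaccess HTTP/1.1" 403 0',
    '192.0.2.7 - - [10/Nov/2025:10:02:00 +0000] "GET /index.php?p=../../etc/passwd HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for name in ("site-backup.zip", "../../wp-config.php", "%2e%2e/%2e%2e/wp-config.php", "/etc/passwd"):
        print(f"{name!r:36} -> {resolve_backup_path(BACKUP_DIR, name)}")
    secret = b"constructed-secret"
    tok = make_action_token(secret, "sess-42", "delete_backup")
    print("same action:", verify_action_token(secret, "sess-42", "delete_backup", tok))
    print("other action:", verify_action_token(secret, "sess-42", "restore_backup", tok))
    for n, target in flag_suspicious_requests(SAMPLE_LOG):
        print(f"line {n}: {target}")
```

Running the block prints the containment verdicts, shows that a token minted for one action fails for another, and flags only the two plugin-related log lines carrying traversal sequences (the generic index.php probe is left to other rules). In a real deployment the token check corresponds to WordPress's own nonce verification on the plugin's state-changing handlers, and the containment check belongs in the same handlers before any file is read, deleted or written.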