CVE-2024-10028

CVSS 7.5 (HIGH)

📋 TL;DR

The Everest Backup WordPress plugin writes a process stats file during backup operations that can be read without authentication. That file discloses the backup archive filename, so an unauthenticated attacker can request the archive directly and download a complete site backup. All versions up to and including 2.2.13 are affected. A backup holds the database content, the site files and configuration data, so the exposure is effectively the whole site.

💻 Affected Systems

Products:
  • Everest Backup - WordPress Cloud Backup, Migration, Restore & Cloning Plugin
Versions: All versions up to and including 2.2.13
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all WordPress installations with the vulnerable plugin version installed and activated.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete website compromise including database exfiltration, credential theft, sensitive data exposure, and potential lateral movement to other systems.

🟠

Likely Case

Unauthenticated attackers download site backups containing database content, user information, configuration files, and potentially sensitive data.

🟢

If Mitigated

Limited exposure if backup archives are stored outside the web root and the backup directory is blocked at the web server, so that knowing a filename no longer yields the file.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation consists of fetching the process stats file the plugin exposes while a backup runs, reading the backup archive filename from it, and then requesting that archive directly. No credentials are needed; the attacker only has to catch the stats file during a backup operation, so repeated polling of the backup directory is the tell-tale pattern.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.2.14

Vendor Advisory: https://plugins.trac.wordpress.org/browser/everest-backup/tags/2.2.14

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the Everest Backup plugin.
4. Click 'Update Now' if available, or download version 2.2.14 or later from the WordPress plugin repository.
5. For a manual update, replace the plugin files with the patched version.

🔧 Temporary Workarounds

Disable Everest Backup Plugin

all

Temporarily deactivate the vulnerable plugin until the patched version can be installed. Deactivation stops new backups (and new process stats files) from being written, but it does not remove archives already sitting in the web-accessible backup directory; move or delete those separately.

wp plugin deactivate everest-backup

Restrict Access to Backup Directory

linux

Add .htaccess rules to block direct web access to the backup directory, which covers both the process stats file and the archives. The directive syntax depends on the Apache version, and nginx ignores .htaccess entirely (add an equivalent deny rule for the directory in the server block there).

# .htaccess in the backup directory. Apache 2.4 (mod_authz_core):
Require all denied
# Apache 2.2 only (legacy mod_access syntax):
# Order deny,allow
# Deny from all

🧯 If You Can't Patch

  • Disable the Everest Backup plugin immediately
  • Move existing backup archives out of the web root (or delete them) so that a filename learned earlier cannot be used to fetch them
  • Implement web application firewall rules to block access to backup-related paths

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Everest Backup version. If version is 2.2.13 or lower, system is vulnerable.

Check Version:

wp plugin get everest-backup --field=version

Verify Fix Applied:

Verify Everest Backup plugin version is 2.2.14 or higher in WordPress admin panel.
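The version check above can be scripted together with a check that the workaround actually took effect. The following is an added example, not code from this advisory or from the Everest Backup project. It assumes WP-CLI is on PATH for installed_version(), and the backup directory path used by probe_backup_dir() is the one this page lists, which is an assumption about the site (adjust it to the real backup location).

```python
"""Version and exposure checks for CVE-2024-10028 (Everest Backup <= 2.2.13).

Added example; not code from the advisory or from the Everest Backup project.
Assumes WP-CLI is on PATH for installed_version(); the default path in
probe_backup_dir() is the one listed on this page (an assumption about the
site, adjust it to the real backup directory).
"""
import re
import subprocess
import urllib.error
import urllib.request

FIXED_VERSION = "2.2.14"  # first patched release named in the advisory


def parse_version(version):
    """Convert '2.2.13' (or '2.2.13-beta') into a tuple of ints for comparison.

    Only the leading dotted-numeric part is used; a suffix such as '-rc1' is
    ignored, so '2.2.14-rc1' compares equal to 2.2.14.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version):
    """True when the installed release is below 2.2.14 (i.e. <= 2.2.13)."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def installed_version(wp_root):
    """Read the plugin version with WP-CLI (the command this page gives for a
    manual check). Raises CalledProcessError if the plugin is not installed."""
    proc = subprocess.run(
        ["wp", "plugin", "get", "everest-backup", "--field=version",
         f"--path={wp_root}"],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout.strip()


def probe_backup_dir(site_url, path="/wp-content/uploads/everest-backup/"):
    """Return the HTTP status an anonymous client gets for the backup directory.

    After the .htaccess / nginx workaround a 403 (or 404) is expected; a 200
    means the directory, and anything inside it, is still web-reachable.
    The default path is the one this page lists (assumption about the site).
    """
    req = urllib.request.Request(
        site_url.rstrip("/") + path,
        headers={"User-Agent": "cve-2024-10028-exposure-check"},
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def verdict(version, dir_status=None):
    """Human-readable summary: patch state plus, if probed, directory exposure."""
    lines = []
    if is_vulnerable(version):
        lines.append(f"everest-backup {version}: VULNERABLE, update to "
                     f"{FIXED_VERSION} or later")
    else:
        lines.append(f"everest-backup {version}: patched")
    if dir_status is not None:
        exposed = dir_status not in (401, 403, 404)
        lines.append("backup directory web-reachable: "
                     f"{'YES' if exposed else 'no'} (HTTP {dir_status})")
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    if len(sys.argv) < 2:
        sys.exit("usage: check.py /path/to/wordpress [https://site.example]")
    ver = installed_version(sys.argv[1])
    status = probe_backup_dir(sys.argv[2]) if len(sys.argv) > 2 else None
    print(verdict(ver, status))
    sys.exit(1 if is_vulnerable(ver) else 0)
```

Run it as `check.py /var/www/html https://site.example`: a non-zero exit means the plugin is still at or below 2.2.13, and a 200 from the directory probe means the web-server block from the workaround section is not in effect even if the plugin is patched.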

📡 Detection & Monitoring

Log Indicators:

  • Unusual access to backup-related files
  • Multiple requests to /wp-content/uploads/everest-backup/
  • Access to files with .zip or .tar.gz extensions in backup directories

Network Indicators:

  • HTTP requests for backup archive files from clients with no preceding wp-login.php or wp-admin activity (web server logs do not carry the WordPress session, so this is the closest proxy for "unauthenticated")
  • Large downloads from backup directories

SIEM Query:

index=web sourcetype=access_combined status IN (200, 206)
    uri_path="/wp-content/uploads/everest-backup/*"
| stats count AS hits, sum(bytes) AS bytes_out, values(uri_path) AS paths BY src_ip
| where bytes_out > 10485760 OR hits > 5

Scope the search to the backup directory rather than to every .zip or .tar.gz on the site; those extensions also match ordinary media uploads. Status 206 is included because a resumed or ranged download of a large archive appears as a series of partial responses rather than one 200. The byte and hit thresholds are starting points to tune per site.
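The same logic, run offline over raw web server access logs, as an added example that is not part of this advisory or of the plugin. The log lines are constructed for the demo; BACKUP_DIR is the path this page lists (an assumption about the site), and the .json name in the sample is a placeholder for the plugin's process stats file, whose real filename this page does not give.

```python
"""Flag direct fetches of Everest Backup artefacts in combined-format access logs.

Added example, not code from the advisory or from the plugin. SAMPLE_LOG is
constructed; BACKUP_DIR is the path listed on this page (assumption about the
site); 'stats-placeholder.json' stands in for the process stats file, whose
real name this page does not give.
"""
import re
from collections import defaultdict

BACKUP_DIR = "/wp-content/uploads/everest-backup/"
ARCHIVE_EXTS = (".zip", ".tar.gz", ".tar")
# 206 covers range requests: a resumed or multi-part download of a large
# archive shows up as many partial responses rather than a single 200.
SUCCESS = {200, 206}

COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample: one client enumerates the directory, reads the stats
# placeholder, then pulls the archive; the others are benign or fail.
SAMPLE_LOG = """\
203.0.113.7 - - [11/Oct/2024:10:01:02 +0000] "GET /wp-content/uploads/everest-backup/ HTTP/1.1" 200 512 "-" "python-requests/2.31.0"
203.0.113.7 - - [11/Oct/2024:10:01:05 +0000] "GET /wp-content/uploads/everest-backup/stats-placeholder.json HTTP/1.1" 200 348 "-" "python-requests/2.31.0"
203.0.113.7 - - [11/Oct/2024:10:01:09 +0000] "GET /wp-content/uploads/everest-backup/example-site-2024-10-11.zip HTTP/1.1" 200 734003200 "-" "python-requests/2.31.0"
198.51.100.4 - - [11/Oct/2024:10:02:10 +0000] "GET /wp-content/uploads/2024/10/brochure.zip HTTP/1.1" 200 2048 "https://example.test/" "Mozilla/5.0"
192.0.2.9 - - [11/Oct/2024:10:03:00 +0000] "GET /wp-content/uploads/everest-backup/example-site-2024-10-11.zip HTTP/1.1" 404 0 "-" "curl/8.4.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    rec["path"] = rec["uri"].split("?", 1)[0]  # drop query string before matching
    return rec


def classify(rec):
    """'archive' for a backup archive, 'backup_dir' for anything else under the
    backup directory (listing, stats file), None for unrelated or failed requests."""
    if rec["status"] not in SUCCESS or not rec["path"].startswith(BACKUP_DIR):
        return None
    return "archive" if rec["path"].lower().endswith(ARCHIVE_EXTS) else "backup_dir"


def analyze(lines):
    """Return one finding per successful request that touches the backup directory."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        kind = classify(rec)
        if kind:
            findings.append({"ip": rec["ip"], "ts": rec["ts"], "kind": kind,
                             "path": rec["path"], "bytes": rec["bytes"],
                             "ua": rec["ua"]})
    return findings


def summarize(findings):
    """Aggregate per client so an IP that enumerates the directory and then
    pulls an archive stands out from a single stray hit."""
    per_ip = defaultdict(lambda: {"requests": 0, "archive_bytes": 0, "archives": []})
    for f in findings:
        s = per_ip[f["ip"]]
        s["requests"] += 1
        if f["kind"] == "archive":
            s["archive_bytes"] += f["bytes"]
            s["archives"].append(f["path"])
    return dict(per_ip)


if __name__ == "__main__":
    for ip, s in summarize(analyze(SAMPLE_LOG.splitlines())).items():
        print(f"{ip}: {s['requests']} hits under {BACKUP_DIR}, "
              f"{s['archive_bytes']} archive bytes, archives={s['archives']}")
```

On the sample only 203.0.113.7 is reported: the brochure.zip fetch is outside the backup directory and the 404 from 192.0.2.9 never returned data. For a real log feed, pipe `analyze()` over the file line by line and alert on any client whose archive_bytes is non-zero.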
