6.5
CVE-2023-7201
- EPSS 0.65%
- Veröffentlicht 15.04.2024 05:15:14
- Zuletzt bearbeitet 08.05.2025 16:53:40
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload
Everest Backup <= 2.2.4 - Authenticated (Admin+) Arbitrary File Upload
The Everest Backup WordPress plugin before 2.2.5 does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
Mögliche Gegenmaßnahme
Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin: Update to version 2.2.5, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Everestthemes ≫ Everest Backup SwPlatformwordpress Version < 2.2.5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin
Version
*-2.2.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.65% | 0.462 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 1.2 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
|
https://wpscan.com/vulnerability/64ba4461-bbba-45eb-981f-bb5f2e5e56e1/
https://www.wordfence.com/threat-intel/vulnerabilities/id/52b13188-5630-4ae9-9b2b-bd4dcadd240a