CVE-2025-10304: CWE-862 Missing Authorization in everestthemes Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the process_status_unlink() function in all versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to delete the back-up progress files and cause a back-up to fail while it is in progress.
AI Analysis
Technical Summary
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin suffers from a missing authorization check vulnerability (CWE-862) in its process_status_unlink() function. This function handles the deletion of backup progress files during ongoing backup operations. Due to the absence of capability checks, unauthenticated attackers can invoke this function remotely to delete these progress files, causing the backup process to fail prematurely. The vulnerability affects all plugin versions up to 2.3.8. Exploitation requires no privileges or user interaction and can be performed over the network. While the vulnerability does not expose backup data or allow direct system compromise, it undermines the integrity of backup operations by disrupting their completion. This can lead to incomplete or missing backups, increasing the risk of data loss in case of system failure or ransomware attacks. No patches or official fixes are currently linked, and no active exploitation has been reported. The CVSS 3.1 base score is 5.3 (medium), reflecting the ease of exploitation but limited impact on confidentiality and availability. Organizations relying on this plugin for critical backup and migration tasks should monitor for updates and consider interim protective measures.
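As an added illustration of the CWE-862 pattern described above (not the plugin's actual code, which this page does not show), the following contrasts a WordPress AJAX handler that deletes a progress file without any authorization check with a hardened version. The action name `example_status_unlink`, the function names, the file path and the choice of the `manage_options` capability are all hypothetical assumptions.

```php
<?php
// Added example, not Everest Backup code. All names and the path are hypothetical.

// Hypothetical location of a backup progress file inside the uploads directory.
function example_progress_file() {
    $uploads = wp_upload_dir();
    return trailingslashit( $uploads['basedir'] ) . 'example-backup/progress.json';
}

// WEAK: no nonce and no capability check. If a handler like this is also
// registered on the "nopriv" hook, WordPress dispatches it for requests
// that carry no login session at all.
function example_status_unlink_weak() {
    $file = example_progress_file();
    if ( file_exists( $file ) ) {
        wp_delete_file( $file );
    }
    wp_send_json_success();
}
// Registrations left commented out so this file only activates the hardened handler:
// add_action( 'wp_ajax_example_status_unlink', 'example_status_unlink_weak' );
// add_action( 'wp_ajax_nopriv_example_status_unlink', 'example_status_unlink_weak' );

// HARDENED: registered for logged-in users only, then verified twice.
function example_status_unlink() {
    // 1. Request must carry a valid nonce (blocks cross-site request forgery).
    if ( ! check_ajax_referer( 'example_status_unlink', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
    }
    // 2. Caller must hold an administrative capability (assumed: manage_options).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }
    // wp_send_json_error() terminates the request, so this point is reached
    // only by authorized callers.
    $file = example_progress_file();
    if ( file_exists( $file ) ) {
        wp_delete_file( $file );
    }
    wp_send_json_success();
}
// Only the authenticated hook is registered; there is no nopriv counterpart.
add_action( 'wp_ajax_example_status_unlink', 'example_status_unlink' );
```

When auditing a plugin for this class of flaw, look for state-changing handlers that lack both checks or that are exposed on an unauthenticated hook.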
Potential Impact
For European organizations, the primary impact is operational disruption of backup processes, which can compromise data recovery capabilities. Incomplete or failed backups increase the risk of data loss during incidents such as ransomware attacks, hardware failures, or accidental deletions. This can affect business continuity and compliance with data protection regulations like GDPR, which require reliable data backup and recovery mechanisms. Although the vulnerability does not directly expose sensitive data or allow system takeover, the inability to complete backups reliably can have serious downstream effects on data integrity and availability. Organizations with large WordPress deployments using Everest Backup for cloud backup, migration, or cloning are particularly at risk. The disruption could also affect managed service providers and hosting companies offering WordPress services across Europe, potentially impacting multiple clients. The medium severity rating suggests that while the threat is not critical, it warrants timely remediation to prevent operational risks.
Mitigation Recommendations
1. Monitor the Everestthemes plugin repository and official communication channels for patches addressing CVE-2025-10304 and apply updates promptly once available.
2. Until a patch is released, restrict access to the WordPress REST API or any endpoints invoking process_status_unlink() by implementing web application firewall (WAF) rules or IP whitelisting to block unauthenticated requests targeting this function.
3. Harden WordPress installations by limiting plugin usage to trusted sources and regularly auditing installed plugins for vulnerabilities.
4. Implement monitoring and alerting on backup process failures to detect potential exploitation attempts early.
5. Consider isolating backup operations in environments with strict access controls to reduce exposure.
6. Educate administrators on the importance of verifying plugin permissions and capability checks during plugin deployment and updates.
7. Employ intrusion detection systems to identify anomalous requests that may indicate exploitation attempts.
Affected Countries
Germany, United Kingdom, France, Italy, Spain, Netherlands, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2025-09-11T21:54:46.884Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 692fb1c7619fec35b4585800
Added to database: 12/3/2025, 3:43:03 AM
Last enriched: 12/3/2025, 3:58:21 AM
Last updated: 12/3/2025, 9:13:18 AM
Related Threats
- CVE-2025-13472: CWE-862 Missing Authorization in Perforce BlazeMeter (Medium)
- CVE-2025-12744: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (High)
- CVE-2025-29864: CWE-693 Protection Mechanism Failure in ESTsoft ALZip (Medium)
- CVE-2025-13946: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark Foundation Wireshark (Medium)
- CVE-2025-13945: CWE-1325: Improperly Controlled Sequential Memory Allocation in Wireshark Foundation Wireshark (Medium)