CVE-2025-11380 is a vulnerability classified under CWE-862 (Missing Authorization) affecting the Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin up to version 2.3.5. The flaw arises because the plugin fails to perform a capability check on the 'everest_process_status' AJAX action, which is accessible without authentication. This allows unauthenticated attackers to query the status of backup processes and retrieve the locations of backup files. However, exploitation requires that a backup operation is currently running, as the AJAX action returns backup file paths only during active backups. The exposed backup file locations could potentially be accessed and downloaded if the web server or plugin configuration permits direct access to those files, leading to unauthorized disclosure of sensitive data contained in backups. The vulnerability impacts confidentiality but does not affect integrity or availability. The CVSS v3.1 score is 5.9 (medium severity) with vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating network attack vector, high attack complexity, no privileges or user interaction required, and high confidentiality impact. No patches or known exploits are currently reported, but the risk exists especially for sites that rely on this plugin for backup and have not restricted access to backup files or AJAX endpoints.

For European organizations, this vulnerability poses a risk of unauthorized data disclosure if attackers can retrieve and access backup files containing sensitive information such as customer data, credentials, or proprietary content. This could lead to privacy violations under GDPR and damage to organizational reputation. Since WordPress is widely used across Europe for websites and e-commerce, organizations using the Everest Backup plugin are at risk, particularly if backups are stored in web-accessible locations without proper access controls. The impact is primarily on confidentiality, with no direct effect on system integrity or availability. Attackers do not need authentication or user interaction, increasing the threat surface. Organizations handling regulated or sensitive data must consider this vulnerability critical to address to avoid compliance issues and data breaches.

1. Immediately restrict access to the 'everest_process_status' AJAX endpoint by implementing server-side access controls or web application firewall (WAF) rules to block unauthenticated requests. 2. Ensure backup files are stored outside of web root directories or protected by strong access controls to prevent direct download. 3. Monitor backup processes and logs for unusual or unauthorized access attempts to backup-related endpoints. 4. Disable or remove the Everest Backup plugin if it is not essential or replace it with a more secure backup solution. 5. Apply plugin updates or patches as soon as they become available from the vendor. 6. Conduct regular security audits of WordPress plugins and configurations to detect missing authorization issues. 7. Educate site administrators on the risks of exposing backup files and the importance of secure plugin configurations.