Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin Security & Risk Analysis

wordpress.org/plugins/everest-backup

Everest Backup is a modern tool that will take care of your website's backups, restoration, migration, and cloning.

3K active installs · v2.3.11 · PHP 7.4+ · WP 5.6+ · Updated Mar 3, 2026
Tags: backup, clone, migrate-wordpress, migration, pcloud
Score: 60 (C · Use Caution)
CVEs total: 8
Unpatched: 1
Last CVE: Dec 31, 2025
Safety Verdict

Is Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin Safe to Use in 2026?

Use With Caution

Score 60/100

Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

8 known CVEs · 1 unpatched · Last CVE: Dec 31, 2025 · Updated 1mo ago
Risk Assessment

The 'everest-backup' plugin version 2.3.11 exhibits a mixed security posture. While it demonstrates good practices in areas like output escaping (96%) and the use of prepared statements for SQL queries (79%), significant concerns arise from its attack surface and vulnerability history. The presence of 15 AJAX handlers, with a concerning 6 lacking authentication checks, creates a broad entry point for potential exploitation. Furthermore, the taint analysis reveals 2 flows with unsanitized paths, which, although not classified as critical or high severity in this specific scan, represent potential vectors for data manipulation or unauthorized access if not properly mitigated by subsequent checks.

The plugin's history of 8 known CVEs, including 1 currently unpatched vulnerability and several high-severity issues like Missing Authorization and CSRF, is a major red flag. This pattern suggests a recurring struggle with implementing robust security controls. The types of past vulnerabilities point to fundamental security flaws that attackers have successfully exploited. While the current scan doesn't highlight critical vulnerabilities, the historical context necessitates a high degree of caution. The plugin's strengths lie in its code sanitization and query preparation, but these are overshadowed by a substantial attack surface with unprotected endpoints and a concerning track record of security breaches.

Key Concerns

  • Unprotected AJAX handlers
  • Currently unpatched CVE
  • High severity historical vulnerabilities
  • Flows with unsanitized paths
  • Large attack surface
Vulnerabilities: 8

Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 2 CVEs
  • 2025: 5 CVEs (has unpatched)

Severity Breakdown

  • High: 3
  • Medium: 5

8 total CVEs

CVE-2025-62992 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Everest Backup <= 2.3.9 - Cross-Site Request Forgery

Dec 31, 2025 · Unpatched
CVE-2025-10304 · medium · 5.3 · Missing Authorization

Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 - Missing Authorization to Unauthenticated Backup Failure

Dec 2, 2025 · Patched in 2.3.9 (1d)
CVE-2025-62946 · medium · 5.3 · Missing Authorization

Everest Backup <= 2.3.8 - Missing Authorization

Oct 10, 2025 · Patched in 2.3.9 (46d)
CVE-2025-11380 · medium · 5.9 · Missing Authorization

Everest Backup <= 2.3.5 - Missing Authorization to Unauthenticated Information Exposure

Oct 10, 2025 · Patched in 2.3.6 (1d)
CVE-2025-49238 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Everest Backup <= 2.3.3 - Cross-Site Request Forgery

Jun 5, 2025 · Patched in 2.3.4 (7d)
CVE-2024-10028 · high · 7.5 · Insecure Storage of Sensitive Information

Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.2.13 - Sensitive Information Disclosure via procstat Log

Nov 5, 2024 · Patched in 2.2.14 (1d)
CVE-2023-7201 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

Everest Backup <= 2.2.4 - Authenticated (Admin+) Arbitrary File Upload

Mar 25, 2024 · Patched in 2.2.5 (7d)
CVE-2023-52185 · high · 7.5 · Exposure of Sensitive Information to an Unauthorized Actor

Everest Backup <= 2.1.9 - Sensitive Information Exposure via Log File

Dec 29, 2023 · Patched in 2.2.0 (25d)
Code Analysis
Analyzed Mar 16, 2026

Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 6 (23 prepared)
  • Unescaped Output: 22 (583 escaped)
  • Nonce Checks: 12
  • Capability Checks: 21
  • File Operations: 117
  • External Requests: 22
  • Bundled Libraries: 0

SQL Query Safety

79% prepared · 29 total queries

Output Escaping

96% escaped · 605 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
<history> (inc\views\history.php:0)
Attack Surface: 6 unprotected

Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin Attack Surface

Entry Points: 15
Unprotected: 6

AJAX Handlers: 15

auth · wp_ajax_everest_backup_addon · inc\classes\class-ajax.php:51
nopriv · wp_ajax_everest_process_status · inc\classes\class-ajax.php:62
auth · wp_ajax_everest_process_status · inc\classes\class-ajax.php:63
nopriv · wp_ajax_everest_backup_cloud_available_storage · inc\classes\class-ajax.php:66
auth · wp_ajax_everest_backup_cloud_available_storage · inc\classes\class-ajax.php:67
auth · wp_ajax_everest_backup_process_status_unlink · inc\classes\class-ajax.php:73
nopriv · wp_ajax_everest_backup_activate_plugin · inc\classes\class-ajax.php:76
auth · wp_ajax_everest_backup_activate_plugin · inc\classes\class-ajax.php:79
nopriv · wp_ajax_everest_backup_create_new_staging · inc\classes\class-ajax.php:82
auth · wp_ajax_everest_backup_create_new_staging · inc\classes\class-ajax.php:83
auth · wp_ajax_everest_backup_list_backup_content · inc\core\class-list-backup.php:35
nopriv · wp_ajax_everest_backup_list_backup_content · inc\core\class-list-backup.php:36
auth · wp_ajax_everest_backup_generate_backup_list_file · inc\core\class-list-backup.php:38
nopriv · wp_ajax_everest_backup_generate_backup_list_file · inc\core\class-list-backup.php:39
nopriv · wp_ajax_everest_backup_schedule_backup_create_item · inc\modules\cron\class-cron-actions.php:40
WordPress Hooks: 45

action · admin_head · inc\classes\class-admin-menu.php:33
action · admin_bar_menu · inc\classes\class-admin-menu.php:36
action · everest_backup_before_restore_init · inc\classes\class-ajax.php:59
action · admin_init · inc\classes\class-cloud.php:73
filter · everest_backup_filter_package_locations · inc\classes\class-cloud.php:207
action · everest_backup_settings_cloud_content · inc\classes\class-cloud.php:208
action · everest_backup_after_zip_done · inc\classes\class-cloud.php:222
filter · everest_backup_history_table_data · inc\classes\class-cloud.php:224
action · everest_backup_history_after_filters · inc\classes\class-cloud.php:225
action · everest_backup_override_file_remove · inc\classes\class-cloud.php:226
filter · everest_backup_filter_view_renderer_args · inc\classes\class-cloud.php:228
action · everest_backup_before_restore_init · inc\classes\class-cloud.php:230
filter · everest_backup_filter_rollback_args · inc\classes\class-cloud.php:232
action · wp_scheduled_delete · inc\classes\class-cloud.php:234
filter · everest_backup_avoid_delete_from_server · inc\classes\class-cloud.php:381
action · everest_backup_before_settings_save · inc\classes\class-cron.php:32
filter · cron_schedules · inc\classes\class-cron.php:33
action · admin_init · inc\classes\class-cron.php:34
action · admin_init · inc\classes\class-cron.php:36
action · upgrader_process_complete · inc\classes\class-everest-backup.php:42
action · init · inc\classes\class-everest-backup.php:58
action · init · inc\classes\class-everest-backup.php:59
action · admin_init · inc\classes\class-everest-backup.php:60
action · admin_enqueue_scripts · inc\classes\class-everest-backup.php:61
action · plugins_loaded · inc\classes\class-everest-backup.php:63
action · plugins_loaded · inc\classes\class-everest-backup.php:64
action · admin_notices · inc\classes\class-everest-backup.php:66
action · admin_notices · inc\classes\class-everest-backup.php:67
action · template_redirect · inc\classes\class-everest-backup.php:69
action · everest_backup_check_values_before_settings_save · inc\classes\class-everest-backup.php:90
action · admin_notices · inc\classes\class-everest-backup.php:442
action · everest_backup_before_send_json · inc\classes\class-extract.php:106
filter · https_ssl_verify · inc\classes\class-updater.php:112
filter · plugins_api · inc\classes\class-updater.php:119
filter · site_transient_update_plugins · inc\classes\class-updater.php:150
action · rest_api_init · inc\core\class-init.php:104
filter · everest_backup_disable_send_json · inc\core\controllers\v1\class-schedule-backup-controller.php:113
filter · everest_backup_disable_send_json · inc\core\import\class-wrapup.php:341
filter · everest_backup_disable_send_json · inc\functions.php:675
action · wp_version_check · inc\modules\cron\class-cron-actions.php:38
action · wp_scheduled_delete · inc\modules\cron\class-cron-actions.php:39
filter · everest_backup_disable_send_json · inc\modules\cron\class-cron-actions.php:351
action · everest_backup_after_logs_save · inc\modules\email\class-email-logs.php:39
action · admin_init · inc\modules\email\class-send-test-email.php:32
action · admin_footer · inc\stats\class-stats.php:76
Maintenance & Trust

Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 3, 2026
  • PHP min version: 7.4
  • Downloads: 147K

Community Trust

  • Rating: 88/100
  • Number of ratings: 42
  • Active installs: 3K
Developer Profile

Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin Developer Profile

everestthemes

5 plugins · 8K total installs

  • Trust score: 75
  • Avg Security Score: 73/100
  • Avg Patch Time: 13 days
Detection Fingerprints

How We Detect Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/everest-backup/assets/css/everest-backup.css
/wp-content/plugins/everest-backup/assets/js/everest-backup.js
/wp-content/plugins/everest-backup/assets/css/vendors/bootstrap.min.css
/wp-content/plugins/everest-backup/assets/css/vendors/dataTables.bootstrap.min.css
/wp-content/plugins/everest-backup/assets/css/vendors/font-awesome.min.css
/wp-content/plugins/everest-backup/assets/css/vendors/lobipanels.css
/wp-content/plugins/everest-backup/assets/css/vendors/nouislider.css
/wp-content/plugins/everest-backup/assets/css/vendors/select2.min.css
+8 more
Script Paths
/wp-content/plugins/everest-backup/assets/js/everest-backup.js
Version Parameters
ver=/wp-content/plugins/everest-backup/assets/css/everest-backup.css
ver=/wp-content/plugins/everest-backup/assets/js/everest-backup.js
ver=/wp-content/plugins/everest-backup/assets/css/vendors/bootstrap.min.css
ver=/wp-content/plugins/everest-backup/assets/css/vendors/dataTables.bootstrap.min.css
ver=/wp-content/plugins/everest-backup/assets/css/vendors/font-awesome.min.css
ver=/wp-content/plugins/everest-backup/assets/css/vendors/lobipanels.css
ver=/wp-content/plugins/everest-backup/assets/css/vendors/nouislider.css
ver=/wp-content/plugins/everest-backup/assets/css/vendors/select2.min.css
ver=/wp-content/plugins/everest-backup/assets/css/vendors/sweetalert.css
ver=/wp-content/plugins/everest-backup/assets/js/vendors/bootstrap.min.js
ver=/wp-content/plugins/everest-backup/assets/js/vendors/dataTables.min.js
ver=/wp-content/plugins/everest-backup/assets/js/vendors/jquery.dataTables.min.js
ver=/wp-content/plugins/everest-backup/assets/js/vendors/lobipanels.js
ver=/wp-content/plugins/everest-backup/assets/js/vendors/nouislider.js
ver=/wp-content/plugins/everest-backup/assets/js/vendors/select2.full.js
ver=/wp-content/plugins/everest-backup/assets/js/vendors/sweetalert.min.js

HTML / DOM Fingerprints

CSS Classes
everest-backup-wrap
HTML Comments
<!-- Everest Backup core file. -->
<!-- Path to Everest Backup plugin folder. -->
<!-- Bootstrap our files. -->
<!-- Init our plugin. -->
+20 more
Data Attributes
data-plugin-name="Everest Backup"
JS Globals
everest_backup
REST Endpoints
/wp-json/everest-backup/v1/get-backup-download-url
FAQ

Frequently Asked Questions about Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin