Impact
The CVE identifies a Cross‑Site Request Forgery vulnerability (CWE‑352) in the Everest Backup plugin for WordPress. According to the description, the flaw enables a malicious actor to cause an authenticated administrator to unknowingly submit a request that performs an unintended action within the plugin. The impact is confined to the administrative actions that the user is authorized to perform; the flaw does not grant remote code execution or overt data exfiltration. It is inferred from the wording that configuration changes or data exposure could result, though the CVE does not detail specific affected functions.
Affected Systems
The affected product is the Everest Backup plugin developed by EverestThemes for WordPress. All releases up to and including version 2.3.3 are impacted, as the description lists “n/a through <= 2.3.3.” Any WordPress site running a vulnerable version within that range is at risk.
Risk and Exploitability
The CVSS base score of 4.3 indicates a medium risk level. The EPSS score of less than 1% shows that widespread exploitation is considered unlikely, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves a malicious website or injected content that issues a forged request while an authenticated administrator is browsing the site; the attacker must craft the request and the victim must be logged in. Because the flaw requires an authenticated session and does not involve privilege escalation, the overall risk is moderate, and exploitation is realistic only in environments with a sizable administrator user base.