CVE-2013-2741

BackupBuddy <2.2.28 - Info Disclosure

Title source: llm

Description

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request.

References (2)

[Exploit] http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html

[Exploit] http://packetstormsecurity.com/files/120923

Scores

EPSS 0.0066

EPSS Percentile 70.9%

Classification

CWE

CWE-287

Status draft

Affected Products (5)

ithemes/backupbuddy

Timeline

Published Apr 02, 2013

Tracked Since Feb 18, 2026