CVE-2013-2743

BackupBuddy <2.2.28 - Auth Bypass

Title source: llm

Description

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress allows remote attackers to bypass authentication via a crafted integer in the step parameter.

References (2)

[Exploit] http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html

[Exploit] http://packetstormsecurity.com/files/120923

Scores

EPSS 0.0028

EPSS Percentile 51.2%

Classification

CWE

CWE-287

Status draft

Affected Products (5)

ithemes/backupbuddy

Timeline

Published Apr 02, 2013

Tracked Since Feb 18, 2026