CVE-2013-2741

2022-10-0316:15:02

CWE-287

[email protected]

web.nvd.nist.gov

wordpress

backupbuddy

cve-2013-2741

vulnerability

information security

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.5%

JSON

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request.

Affected configurations

NVD

Node

ithemesbackupbuddyMatch1.3.4

ithemesbackupbuddyMatch2.1.4

ithemesbackupbuddyMatch2.2.4

ithemesbackupbuddyMatch2.2.25

ithemesbackupbuddyMatch2.2.28

AND

wordpresswordpressMatch-

CPENameOperatorVersion
ithemes:backupbuddyithemes backupbuddyeq1.3.4
ithemes:backupbuddyithemes backupbuddyeq2.1.4
ithemes:backupbuddyithemes backupbuddyeq2.2.4
ithemes:backupbuddyithemes backupbuddyeq2.2.25
ithemes:backupbuddyithemes backupbuddyeq2.2.28

CPE	Name	Operator	Version
ithemes:backupbuddy	ithemes backupbuddy	eq	1.3.4
ithemes:backupbuddy	ithemes backupbuddy	eq	2.1.4
ithemes:backupbuddy	ithemes backupbuddy	eq	2.2.4
ithemes:backupbuddy	ithemes backupbuddy	eq	2.2.25
ithemes:backupbuddy	ithemes backupbuddy	eq	2.2.28