CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
79.5%
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script.
Vendor | Product | Version | CPE |
---|---|---|---|
ithemes | backupbuddy | 1.3.4 | cpe:2.3:a:ithemes:backupbuddy:1.3.4:*:*:*:*:*:*:* |
ithemes | backupbuddy | 2.1.4 | cpe:2.3:a:ithemes:backupbuddy:2.1.4:*:*:*:*:*:*:* |
ithemes | backupbuddy | 2.2.4 | cpe:2.3:a:ithemes:backupbuddy:2.2.4:*:*:*:*:*:*:* |
ithemes | backupbuddy | 2.2.25 | cpe:2.3:a:ithemes:backupbuddy:2.2.25:*:*:*:*:*:*:* |
ithemes | backupbuddy | 2.2.28 | cpe:2.3:a:ithemes:backupbuddy:2.2.28:*:*:*:*:*:*:* |
wordpress | wordpress | - | cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:* |