70 matches found
PSA: Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin
Late evening, on September 6, 2022, the Wordfence Threat Intelligence team was alerted to the presence of a vulnerability being actively exploited in BackupBuddy, a WordPress plugin we estimate has around 140,000 active installations. This vulnerability makes it possible for unauthenticated users...
WordPress Backup Buddy plugin 8.5.8.0 - 8.7.4.1 - Unauthenticated Path Traversal / Arbitrary File Download vulnerability
Unauthenticated Path Traversal / Arbitrary File Download vulnerability discovered by Lew Ayotte & Timothy Jacobs in WordPress Backup Buddy plugin versions 8.5.8.0 - 8.7.4.1. Solution Update the WordPress BackupBuddy plugin to the latest available version at least 8.7.5.0...
WordPress plugin BackupBuddy 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
BackupBuddy < 8.7.5 - Unauthenticated Arbitrary File Access
The plugin is affected by a Directory Traversal attack, allowing unauthenticated attackers to access arbitrary files on the web server, starting in version 8.5.8.0. Install BackupBuddy v8.5.8.0 through v8.7.4.1. curl...
BackupBuddy < 8.7.5 - Unauthenticated Arbitrary File Access
The plugin is affected by a Directory Traversal attack, allowing unauthenticated attackers to access arbitrary files on the web server, starting in version 8.5.8.0. PoC Install BackupBuddy v8.5.8.0 through v8.7.4.1. curl...
WordPress Plugin Ithemes-BackupBuddy Amazon WP-S3 Information Disclosure Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in the WordPress plugin Ithemes-BackupBuddy Amazon WP-S3. An attacker can...
WordPress Ithemes-BackupBuddy Amazon WP-S3 2.9 Database Disclosure
Exploit Title : WordPress Ithemes-BackupBuddy Amazon WP-S3 Plugins 2.9 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 17/12/2018 Vendor Homepage : ithemes.com/purchase/backupbuddy/ wordpress.org/plugins/wp-s3/ Software Download Link :...
WordPress BackupBuddy插件-db_1.sql、wp_users.sql-未授权访问漏洞
No description provided by source...
WordPress BackupBuddy Backup Disclosure
WordPress 'BackupBuddy' Plugin Exposure Backup File to Unauthorized Control CWE: CWE-530 Risk: High Author: Hugo Santiago dos Santos Contact: [email protected] Date: 15/05/2015 Vendor Homepage: https://ithemes.com/purchase/backupbuddy/ Google Dork: inurl:/wp-content/uploads/backupbuddytemp/ Po...
Backupbuddy - importbuddy.php step Parameter Remote PHP Information Disclosure
The backupbuddy WordPress plugin was affected by an importbuddy.php step Parameter Remote PHP Information Disclosure security vulnerability...
WordPress Backupbuddy Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...
CVE-2013-2744
importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function...
CVE-2013-2741
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a 1 direct request, 2 step=1 request,...
CVE-2013-2742
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script...
CVE-2013-2743
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress allows remote attackers to bypass authentication via a crafted integer in the step parameter...
Authentication flaw
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress allows remote attackers to bypass authentication via a crafted integer in the step parameter...
Design/Logic Flaw
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script...
Default configuration
importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function...
Design/Logic Flaw
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a 1 direct request, 2 step=1 request,...
CVE-2013-2744
CVE-2013-2744 affects WordPress BackupBuddy plugin, version 2.2.25, via importbuddy.php. The vulnerability allows remote attackers to disclose configuration information by triggering a step 0 phpinfo action that calls phpinfo. Impact is information disclosure of configuration data; no exploit det...