Lucene search
+L

70 matches found

Wordfence Blog
Wordfence Blog
added 2022/09/07 2:56 p.m.21 views

PSA: Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin

Late evening, on September 6, 2022, the Wordfence Threat Intelligence team was alerted to the presence of a vulnerability being actively exploited in BackupBuddy, a WordPress plugin we estimate has around 140,000 active installations. This vulnerability makes it possible for unauthenticated users...

7.6AI score0.63761EPSS
Exploits2
Patchstack
Patchstack
added 2022/09/07 12:0 a.m.42 views

WordPress Backup Buddy plugin 8.5.8.0 - 8.7.4.1 - Unauthenticated Path Traversal / Arbitrary File Download vulnerability

Unauthenticated Path Traversal / Arbitrary File Download vulnerability discovered by Lew Ayotte & Timothy Jacobs in WordPress Backup Buddy plugin versions 8.5.8.0 - 8.7.4.1. Solution Update the WordPress BackupBuddy plugin to the latest available version at least 8.7.5.0...

4.7AI score0.63761EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/09/07 12:0 a.m.9 views

WordPress plugin BackupBuddy 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

7.5CVSS7.7AI score0.63761EPSS
Exploits2References5
wpexploit
wpexploit
added 2022/09/06 12:0 a.m.146 views

BackupBuddy < 8.7.5 - Unauthenticated Arbitrary File Access

The plugin is affected by a Directory Traversal attack, allowing unauthenticated attackers to access arbitrary files on the web server, starting in version 8.5.8.0. Install BackupBuddy v8.5.8.0 through v8.7.4.1. curl...

2.8AI score0.63761EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2022/09/06 12:0 a.m.73 views

BackupBuddy < 8.7.5 - Unauthenticated Arbitrary File Access

The plugin is affected by a Directory Traversal attack, allowing unauthenticated attackers to access arbitrary files on the web server, starting in version 8.5.8.0. PoC Install BackupBuddy v8.5.8.0 through v8.7.4.1. curl...

4.9AI score0.63761EPSS
Exploits2References1Affected Software1
CNVD
CNVD
added 2018/12/18 12:0 a.m.4 views

WordPress Plugin Ithemes-BackupBuddy Amazon WP-S3 Information Disclosure Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in the WordPress plugin Ithemes-BackupBuddy Amazon WP-S3. An attacker can...

6.1AI score
Exploits0References1
Packet Storm
Packet Storm
added 2018/12/17 12:0 a.m.53 views

WordPress Ithemes-BackupBuddy Amazon WP-S3 2.9 Database Disclosure

Exploit Title : WordPress Ithemes-BackupBuddy Amazon WP-S3 Plugins 2.9 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 17/12/2018 Vendor Homepage : ithemes.com/purchase/backupbuddy/ wordpress.org/plugins/wp-s3/ Software Download Link :...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2016/03/26 12:0 a.m.27 views

WordPress BackupBuddy插件-db_1.sql、wp_users.sql-未授权访问漏洞

No description provided by source...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2015/05/15 12:0 a.m.37 views

WordPress BackupBuddy Backup Disclosure

WordPress 'BackupBuddy' Plugin Exposure Backup File to Unauthorized Control CWE: CWE-530 Risk: High Author: Hugo Santiago dos Santos Contact: [email protected] Date: 15/05/2015 Vendor Homepage: https://ithemes.com/purchase/backupbuddy/ Google Dork: inurl:/wp-content/uploads/backupbuddytemp/ Po...

0.3AI score
Exploits0
WPVulnDB
WPVulnDB
added 2015/03/24 12:0 a.m.26 views

Backupbuddy - importbuddy.php step Parameter Remote PHP Information Disclosure

The backupbuddy WordPress plugin was affected by an importbuddy.php step Parameter Remote PHP Information Disclosure security vulnerability...

5CVSS1.7AI score0.02136EPSS
Exploits1References2Affected Software1
OpenVAS
OpenVAS
added 2013/08/29 12:0 a.m.23 views

WordPress Backupbuddy Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...

7.5CVSS6.3AI score0.02563EPSS
Exploits4References7
NVD
NVD
added 2013/04/02 12:9 p.m.26 views

CVE-2013-2744

importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function...

5CVSS6.3AI score0.02136EPSS
Exploits1References2
NVD
NVD
added 2013/04/02 12:9 p.m.23 views

CVE-2013-2741

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a 1 direct request, 2 step=1 request,...

7.5CVSS6.7AI score0.02563EPSS
Exploits1References2
NVD
NVD
added 2013/04/02 12:9 p.m.23 views

CVE-2013-2742

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script...

7.5CVSS6.5AI score0.0243EPSS
Exploits1References2
NVD
NVD
added 2013/04/02 12:9 p.m.30 views

CVE-2013-2743

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress allows remote attackers to bypass authentication via a crafted integer in the step parameter...

7.5CVSS6.9AI score0.02563EPSS
Exploits1References2
Prion
Prion
added 2013/04/02 12:9 p.m.20 views

Authentication flaw

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress allows remote attackers to bypass authentication via a crafted integer in the step parameter...

7.5CVSS7.4AI score0.02563EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2013/04/02 12:9 p.m.19 views

Design/Logic Flaw

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script...

7.5CVSS7AI score0.0243EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2013/04/02 12:9 p.m.15 views

Default configuration

importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function...

5CVSS6.9AI score0.02136EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2013/04/02 12:9 p.m.16 views

Design/Logic Flaw

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a 1 direct request, 2 step=1 request,...

7.5CVSS7.2AI score0.02563EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2013/04/02 10:0 a.m.42 views

CVE-2013-2744

CVE-2013-2744 affects WordPress BackupBuddy plugin, version 2.2.25, via importbuddy.php. The vulnerability allows remote attackers to disclose configuration information by triggering a step 0 phpinfo action that calls phpinfo. Impact is information disclosure of configuration data; no exploit det...

5CVSS6.5AI score0.02136EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder