EUVD-2013-2681

Malware in sbrugna...

Backupbuddy - importbuddy.php step Parameter Remote PHP Information Disclosure

The backupbuddy WordPress plugin was affected by an importbuddy.php step Parameter Remote PHP Information Disclosure security vulnerability...

CVE-2013-2742

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script...

Design/Logic Flaw

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script...

CVE-2013-2742

CVE-2013-2742 affects the WordPress BackupBuddy plugin via importbuddy.php. Affected versions: 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4. The root cause is that importbuddy.php does not reliably delete itself after completing a restore, enabling remote attackers to gain access through subsequent re...

CVE-2013-2741

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a 1 direct request, 2 step=1 request,...

CVE-2013-2744

importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function...

CVE-2013-2742

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script...

WordPress BackupBuddy Plugin <= 2.2.4 - Sensitive Data Exposure #2

Because of this vulnerability in the importbuddy.php, the plugin does not reliably delete itself after completing a restore operation. In that way the attackers can obtain access via subsequent requests to this script. Solution Update the plugin...

WordPress BackupBuddy Plugin <= 2.2.4 - Sensitive Data Exposure #3

This vulnerability is in the importbuddy.php. It allows the attackers to obtain sensitive information, or overwrite or delete files. Solution Update the plugin...

WordPress BackupBuddy Plugin <= 2.2.25 - Sensitive Data Exposure

This vulnerability is in importbuddy.php. It allows remote attackers to obtain configuration information via a step 0 phpinfo action. Solution Update the plugin...

Backupbuddy 2.2.4 Sensitive Data Exposure

Backupbuddy - sensitive data exposure in importbuddy.php "the premiere WordPress backup plugin to backup, restore and move WordPress" http://ithemes.com/purchase/backupbuddy/ known versions affected: v1.3.4, v2.1.4, v2.2.25, v2.2.28, v2.2.4, likely other versions also impact: access to wordpress...

Backupbuddy - importbuddy.php step Parameter Manipulation Authentication Bypass

The backupbuddy WordPress plugin was affected by an importbuddy.php step Parameter Manipulation Authentication Bypass security vulnerability...

Backupbuddy - importbuddy.php Restore Operation Persistence Weakness

The backupbuddy WordPress plugin was affected by an importbuddy.php Restore Operation Persistence Weakness security vulnerability...