Backupbuddy Security Vulnerabilities and Issues — Backupbuddy CVE List

Lucene search

IthemesBackupbuddy

6 matches found

CVE•added 2023/03/13 2:15 p.m.•939 views

CVE-2022-31474

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1.

7.5CVSS7.4AI score0.92379EPSS

CVE•added 2023/02/21 9:15 a.m.•66 views

CVE-2022-4897

The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting

6.1CVSS6.2AI score0.13058EPSS

CVE•added 2013/04/02 12:9 p.m.•36 views

CVE-2013-2742

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script.

7.5CVSS6.7AI score0.00515EPSS

CVE•added 2013/04/02 12:9 p.m.•34 views

CVE-2013-2741

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 reques...

7.5CVSS6.9AI score0.00664EPSS

CVE•added 2013/04/02 12:9 p.m.•32 views

CVE-2013-2743

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress allows remote attackers to bypass authentication via a crafted integer in the step parameter.

7.5CVSS7.1AI score0.00281EPSS

CVE•added 2013/04/02 12:9 p.m.•28 views

CVE-2013-2744

importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function.

5CVSS6.5AI score0.00261EPSS