Backupbuddy Security Vulnerabilities and Issues — Backupbuddy CVE List

Lucene search

IthemesBackupbuddy

4 matches found

CVE•added 2013/04/02 12:9 p.m.•36 views

CVE-2013-2742

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script.

7.5CVSS6.7AI score0.00515EPSS

CVE•added 2013/04/02 12:9 p.m.•34 views

CVE-2013-2741

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 reques...

7.5CVSS6.9AI score0.00664EPSS

CVE•added 2013/04/02 12:9 p.m.•32 views

CVE-2013-2743

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress allows remote attackers to bypass authentication via a crafted integer in the step parameter.

7.5CVSS7.1AI score0.00281EPSS

CVE•added 2013/04/02 12:9 p.m.•28 views

CVE-2013-2744

importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function.

5CVSS6.5AI score0.00261EPSS