Sensitive Information Exposure in BackupBuddy Plugin for WordPress
CVE-2013-2741

Currently unrated

Key Information:

Vendor: Wordpress
Status: Backupbuddy
Vendor: CVE Published:; 2 April 2013

Summary

The BackupBuddy plugin for WordPress has a significant security flaw in its importbuddy.php file that allows unauthorized access to sensitive information without requiring user authentication. This vulnerability enables remote attackers to exploit specific requests, leading to potential overwriting or deletion of critical files. The absence of proper authentication mechanisms places users at risk of data breaches and unauthorized system changes. It is crucial for users of affected versions to implement necessary security measures to mitigate these risks.

References

http://packetstormsecurity.com/files/120923

x_refsource_MISC

http://archives.neohapsis.com/archives/fulldisclosure/201...

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Apr 2, 2013