Authentication Bypass Vulnerability in BackupBuddy Plugin for WordPress
CVE-2013-2743
Currently unrated
Summary
The BackupBuddy plugin for WordPress contains an authentication bypass vulnerability in the importbuddy.php file. An attacker who supplies a crafted integer in the 'step' parameter can bypass authentication. By exploiting this flaw, a remote attacker could access sensitive parts of the application without proper credentials. Administrators are advised to review their plugin installations and ensure that they are updated to the latest version to mitigate this risk.
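A log review for this issue can start from the two identifiers in the summary, importbuddy.php and the 'step' parameter. The following is an added example, not code from the plugin or from this advisory: it assumes web-server access logs in Combined Log Format, the function name `importbuddy_step_requests` is hypothetical, and the sample lines are constructed with arbitrary step values.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def importbuddy_step_requests(lines):
    """Group requests to importbuddy.php that carry a 'step' query parameter by client IP."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        url = urlsplit(m["target"])
        # Decode %-escapes so /importbuddy%2Ephp is matched as well.
        if not unquote(url.path).lower().endswith("/importbuddy.php"):
            continue
        # parse_qs decodes parameter names, so %73tep is seen as "step".
        steps = parse_qs(url.query, keep_blank_values=True).get("step")
        if steps is None:
            continue  # a 'step' sent in a POST body is not visible in access logs
        hits[m["ip"]].append((m["time"], m["method"], steps, int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation IP ranges, arbitrary step values).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2013:10:01:02 +0000] "GET /importbuddy.php?step=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Mar/2013:10:01:09 +0000] "GET /importbuddy%2Ephp?%73tep=4 HTTP/1.1" 200 7300 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2013:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2013:10:02:05 +0000] "POST /importbuddy.php HTTP/1.1" 403 310 "-" "curl/7.29"',
    '203.0.113.5 - - [12/Mar/2013:10:03:00 +0000] "GET /blog/importbuddy.php?step=abc&x=1 HTTP/1.1" 404 180 "-" "-"',
]

if __name__ == "__main__":
    for ip, reqs in importbuddy_step_requests(SAMPLE_LOG).items():
        for when, method, steps, status in reqs:
            print(f"{ip} {when} {method} step={steps} -> HTTP {status}")
```

Each hit records the timestamp, method, raw step value(s) and response status, so requests from unexpected clients can be compared against known restore activity.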