National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Search Type: Search All
  • Contains Software Flaws (CVE)
  • Keyword (text search): BackupBuddy
There are 4 matching records.
Vuln ID Summary CVSS Severity
CVE-2013-2744

importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function.

Published: April 02, 2013; 08:09:11 AM -04:00
    V2: 5.0 MEDIUM
CVE-2013-2743

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress allows remote attackers to bypass authentication via a crafted integer in the step parameter.

Published: April 02, 2013; 08:09:11 AM -04:00
    V2: 7.5 HIGH
CVE-2013-2742

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script.

Published: April 02, 2013; 08:09:11 AM -04:00
    V2: 7.5 HIGH
CVE-2013-2741

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request.

Published: April 02, 2013; 08:09:11 AM -04:00
    V2: 7.5 HIGH