Ithemes » Backupbuddy : Security Vulnerabilities, CVEs, (Bypass)
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress allows remote attackers to bypass authentication via a crafted integer in the step parameter.
Max CVSS
7.5
EPSS Score
0.45%
Published
2013-04-02
Updated
2013-04-02
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request.
Max CVSS
7.5
EPSS Score
0.45%
Published
2013-04-02
Updated
2013-04-02
2 vulnerabilities found