VYPR
Unrated severityNVD Advisory· Published Apr 2, 2013· Updated Jun 16, 2026

CVE-2013-2741

CVE-2013-2741

Description

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request.

Affected products

6
  • cpe:2.3:a:ithemes:backupbuddy:1.3.4:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:ithemes:backupbuddy:1.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ithemes:backupbuddy:2.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ithemes:backupbuddy:2.2.25:*:*:*:*:*:*:*
    • cpe:2.3:a:ithemes:backupbuddy:2.2.28:*:*:*:*:*:*:*
    • cpe:2.3:a:ithemes:backupbuddy:2.2.4:*:*:*:*:*:*:*
  • Range: = 1.3.4 || = 2.1.4 || = 2.2.25 || = 2.2.28 || = 2.2.4

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.