Unrated severityNVD Advisory· Published Apr 2, 2013· Updated Jun 16, 2026
CVE-2013-2741
CVE-2013-2741
Description
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request.
Affected products
6cpe:2.3:a:ithemes:backupbuddy:1.3.4:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:ithemes:backupbuddy:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:ithemes:backupbuddy:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ithemes:backupbuddy:2.2.25:*:*:*:*:*:*:*
- cpe:2.3:a:ithemes:backupbuddy:2.2.28:*:*:*:*:*:*:*
- cpe:2.3:a:ithemes:backupbuddy:2.2.4:*:*:*:*:*:*:*
- Range: = 1.3.4 || = 2.1.4 || = 2.2.25 || = 2.2.28 || = 2.2.4
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.