CVE-2013-2741
Published Apr 2, 2013
Last updated 12 years ago
Overview
- Description
- importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-287
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ithemes:backupbuddy:1.3.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E78D208-6A3A-4608-9109-A66DF10954A1"
},
{
"criteria": "cpe:2.3:a:ithemes:backupbuddy:2.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A874CB8C-4A58-4C69-9E72-EA23DD8469CC"
},
{
"criteria": "cpe:2.3:a:ithemes:backupbuddy:2.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C1C4CC48-3852-46C5-BCE3-3AD2AD752D9E"
},
{
"criteria": "cpe:2.3:a:ithemes:backupbuddy:2.2.25:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0909EBD6-E9B9-4B3B-AAF8-65CA3D37D5B9"
},
{
"criteria": "cpe:2.3:a:ithemes:backupbuddy:2.2.28:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9A9D1686-F217-4765-AC5E-2048293FF44B"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]