ThreatPress

WordPress Vulnerabilities Database

WordPress BackupBuddy Plugin <= 2.2.4 - Sensitive Data Exposure #2

Product
BackupBuddy
Description
Because of a flaw in importbuddy.php, the script does not reliably delete itself after completing a restore operation. As a result, attackers can obtain access via subsequent requests to this script.
Solution
Update the plugin.
Classification
Type BYPASS
OWASP Top 10 A6: Sensitive Data Exposure
References
CVE Mitre
CVE
Name CVE-2013-2742
Versions
Affected In <= 2.2.4, 2.2.28, 2.2.25, 2.1.4, 1.3.4
Fixed In 2.2.5
Disclosure date
2013-04-01
Credits
Rob Armstrong