WordPress Plugin Vulnerabilities

Backupbuddy - importbuddy.php step Parameter Manipulation Authentication Bypass

Description

The backupbuddy WordPress plugin was affected by an importbuddy.php step Parameter Manipulation Authentication Bypass security vulnerability.

Affects Plugins

Plugin icon
backupbuddy
Fixed in 3.0

References

CVE
CVE-2013-2743
URL
https://packetstormsecurity.com/files/#120923/
URL
https://seclists.org/fulldisclosure/2013/Mar/206

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287

Miscellaneous

Verified
No
WPVDB ID
7a4e61f7-f550-405a-bc30-e6f46e2d470a

Timeline

Publicly Published
2013-03-24 (about 11 years ago)
Added
2014-08-01 (about 9 years ago)
Last Updated
2019-10-21 (about 4 years ago)

Other

Published
Title
Published
2021-03-08
Title
The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass
Published
2021-02-02
Title
MStore API < 3.2.0 - Authentication Bypass With Sign In With Apple
Published
2020-11-22
Title
WooCommerce Anti-Fraud < 3.9 - Unauthenticated Order Status Manipulation
Published
2024-03-11
Title
Hubbub Lite < 1.33.1 - Unauthenticated Password Protected Posts Access
Published
2014-08-01
Title
WordPress 3.7.1 & 3.8.1 - Potential Authentication Cookie Forgery