importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote malicious users to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ithemes backupbuddy 2.2.4 |
||
ithemes backupbuddy 2.2.28 |
||
ithemes backupbuddy 1.3.4 |
||
ithemes backupbuddy 2.1.4 |
||
ithemes backupbuddy 2.2.25 |