importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote malicious users to obtain access via subsequent requests to this script.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ithemes backupbuddy 1.3.4 |
||
ithemes backupbuddy 2.1.4 |
||
ithemes backupbuddy 2.2.25 |
||
ithemes backupbuddy 2.2.4 |
||
ithemes backupbuddy 2.2.28 |