CVE-2013-2741

Name of the Vulnerable Software and Affected Versions BackupBuddy plugin versions 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4

Description The issue allows remote attackers to obtain sensitive information, or overwrite or delete files, via various vectors involving direct or step-specific requests to importbuddy.php. This is possible because the importbuddy.php file in the affected plugin does not require authentication to be enabled.

Recommendations For BackupBuddy plugin version 1.3.4, update to a version that requires authentication for importbuddy.php. For BackupBuddy plugin version 2.1.4, update to a version that requires authentication for importbuddy.php. For BackupBuddy plugin version 2.2.25, update to a version that requires authentication for importbuddy.php. For BackupBuddy plugin version 2.2.28, update to a version that requires authentication for importbuddy.php. For BackupBuddy plugin version 2.2.4, update to a version that requires authentication for importbuddy.php.