CVE-2013-2742

Name of the Vulnerable Software and Affected Versions BackupBuddy plugin versions 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4

Description The issue arises from the importbuddy.php script in the BackupBuddy plugin, which does not reliably delete itself after completing a restore operation. This oversight makes it easier for remote attackers to obtain access via subsequent requests to this script.

Recommendations For BackupBuddy plugin version 1.3.4, consider manually deleting the importbuddy.php script after a restore operation to prevent unauthorized access. For BackupBuddy plugin version 2.1.4, consider manually deleting the importbuddy.php script after a restore operation to prevent unauthorized access. For BackupBuddy plugin version 2.2.25, consider manually deleting the importbuddy.php script after a restore operation to prevent unauthorized access. For BackupBuddy plugin version 2.2.28, consider manually deleting the importbuddy.php script after a restore operation to prevent unauthorized access. For BackupBuddy plugin version 2.2.4, consider manually deleting the importbuddy.php script after a restore operation to prevent unauthorized access.