WordPress BackupBuddy Plugin <= 2.2.4 - Sensitive Data Exposure #2

Software: BackupBuddy
Versions: <= 2.2.4, 2.2.28, 2.2.25, 2.1.4, 1.3.4
Disclosure date: 2013-04-01
CVE: CVE-2013-2742
Classification: Bypass Vulnerability
OWASP Top 10: A6: Sensitive Data Exposure

Details

Because of a flaw in importbuddy.php, the plugin does not reliably delete this script after completing a restore operation. Attackers can then obtain access via subsequent requests to the script.

Solution

Update the plugin.
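
Since the issue is a restore script that stays behind, a site owner can also check their own web roots for leftover copies. The following is an added example, not code from BackupBuddy or from this advisory; the function names, the `LEFTOVER` output prefix and the sample directory names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not BackupBuddy code): report importbuddy.php files left
# under a web root. The root path is whatever the caller passes in.
# Return status: 0 = none found, 1 = at least one found, 2 = bad argument.

find_leftover_importbuddy() {
    root=$1
    if [ -z "$root" ] || [ ! -d "$root" ]; then
        echo "usage: find_leftover_importbuddy WEB_ROOT" >&2
        return 2
    fi
    # -iname also matches case variants such as ImportBuddy.php;
    # -type f ignores directories that happen to carry the name.
    # Subdirectories that cannot be read are skipped silently.
    hits=$(find "$root" -type f -iname 'importbuddy.php' 2>/dev/null) || true
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits" | sed 's/^/LEFTOVER /'
    return 1
}

# Constructed sample tree: one site with the restore script left behind,
# one clean site. Prints the scan result and removes the tree again.
demo_constructed_tree() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/site-a" "$tmp/site-b"
    : > "$tmp/site-a/importbuddy.php"
    : > "$tmp/site-b/index.php"
    find_leftover_importbuddy "$tmp" && scan_rc=0 || scan_rc=$?
    rm -rf "$tmp"
    return "$scan_rc"
}
```

The non-zero return status on a hit lets the function be called from a scheduled job that alerts when a restore script reappears after a later restore.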