What is CVE-2013-2741?

CVE-2013-2741 is a vulnerability in Ithemes Backupbuddy, classified under Improper Authentication. Published 2013-04-02.

Is CVE-2013-2741 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Ithemes Backupbuddy

CVE-2013-2741

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, v…

Vulnerability class: Broken Authentication

EPSS: 0.007 (71.6th percentile) — read the EPSS interpretation.

Affected products

Ithemes Backupbuddy — versions 1.3.4, 2.1.4, 2.2.4
Wordpress
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

20142995/nuclei-templates

References

cve@mitre.org (Exploit, x_refsource_MISC)
20130323 Backupbuddy wordpress plugin - sensitive data exposure in importbuddy.php (mailing-list, Exploit, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2013-2741?: CVE-2013-2741 is a vulnerability in Ithemes Backupbuddy, classified under Improper Authentication. Published 2013-04-02.
Is CVE-2013-2741 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.