What is CVE-2013-2743?

CVE-2013-2743 is a vulnerability in Ithemes Backupbuddy, classified under Improper Authentication. Published 2013-04-02.

Is CVE-2013-2743 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Ithemes Backupbuddy

CVE-2013-2743

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress allows remote attackers to bypass authentication via a crafted integer in the step parameter.

Vulnerability class: Broken Authentication

EPSS: 0.003 (51.8th percentile) — read the EPSS interpretation.

Affected products

Ithemes Backupbuddy — versions 1.3.4, 2.1.4, 2.2.4
Wordpress
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

20142995/nuclei-templates

References

cve@mitre.org (Exploit, x_refsource_MISC)
20130323 Backupbuddy wordpress plugin - sensitive data exposure in importbuddy.php (mailing-list, Exploit, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2013-2743?: CVE-2013-2743 is a vulnerability in Ithemes Backupbuddy, classified under Improper Authentication. Published 2013-04-02.
Is CVE-2013-2743 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.