What is CVE-2013-2744?

CVE-2013-2744 is a vulnerability in Ithemes Backupbuddy, classified under Information Disclosure. Published 2013-04-02.

Is CVE-2013-2744 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Ithemes Backupbuddy

CVE-2013-2744

importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function.

Vulnerability class: Information Disclosure

EPSS: 0.003 (49.8th percentile) — read the EPSS interpretation.

Affected products

Ithemes Backupbuddy — versions 2.2.25
Wordpress
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

20142995/nuclei-templates

References

cve@mitre.org (Exploit, x_refsource_MISC)
20130323 Backupbuddy wordpress plugin - sensitive data exposure in importbuddy.php (mailing-list, Exploit, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2013-2744?: CVE-2013-2744 is a vulnerability in Ithemes Backupbuddy, classified under Information Disclosure. Published 2013-04-02.
Is CVE-2013-2744 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.