Описание
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script.
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:ithemes:backupbuddy:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:ithemes:backupbuddy:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:ithemes:backupbuddy:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ithemes:backupbuddy:2.2.25:*:*:*:*:*:*:*
cpe:2.3:a:ithemes:backupbuddy:2.2.28:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00515
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
около 3 лет назад
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script.
EPSS
Процентиль: 66%
0.00515
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other