CVE-2013-2741 Information

Description

importbuddy.php in the BackupBuddy plugin 1.3.4 2.1.4 2.2.25 2.2.28 and 2.2.4 for WordPress does not require that authentication be enabled which allows remote attackers to obtain sensitive information or overwrite or delete files via vectors involving a (1) direct request (2) step=1 request (3) step=2 or step=3 request or (4) step=7 request.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html http://packetstormsecurity.com/files/120923