{"api_version":"1","generated_at":"2026-05-01T20:38:07+00:00","cve":"CVE-2013-2741","urls":{"html":"https://cve.report/CVE-2013-2741","api":"https://cve.report/api/cve/CVE-2013-2741.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-2741","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-2741"},"summary":{"title":"CVE-2013-2741","description":"importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request.","state":"PUBLISHED","assigner":"mitre","published_at":"2013-04-02 12:09:11","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-287","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://packetstormsecurity.com/files/120923","name":"http://packetstormsecurity.com/files/120923","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"Backupbuddy 2.2.4 Sensitive Data Exposure ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html","name":"http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-2741","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2741","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"2741","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ithemes","cpe5":"backupbuddy","cpe6":"1.3.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2741","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ithemes","cpe5":"backupbuddy","cpe6":"2.1.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2741","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ithemes","cpe5":"backupbuddy","cpe6":"2.2.25","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2741","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ithemes","cpe5":"backupbuddy","cpe6":"2.2.28","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2741","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ithemes","cpe5":"backupbuddy","cpe6":"2.2.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2741","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wordpress","cpe5":"wordpress","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T15:44:33.607Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://packetstormsecurity.com/files/120923"},{"name":"20130323 Backupbuddy wordpress plugin - sensitive data exposure in importbuddy.php","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2013-04-02T10:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"http://packetstormsecurity.com/files/120923"},{"name":"20130323 Backupbuddy wordpress plugin - sensitive data exposure in importbuddy.php","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2013-2741","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://packetstormsecurity.com/files/120923","refsource":"MISC","url":"http://packetstormsecurity.com/files/120923"},{"name":"20130323 Backupbuddy wordpress plugin - sensitive data exposure in importbuddy.php","refsource":"FULLDISC","url":"http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2013-2741","datePublished":"2013-04-02T10:00:00.000Z","dateReserved":"2013-04-01T00:00:00.000Z","dateUpdated":"2024-09-17T03:03:17.498Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2013-04-02 12:09:11","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-287","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ithemes:backupbuddy:1.3.4:*:*:*:*:*:*:*","matchCriteriaId":"2E78D208-6A3A-4608-9109-A66DF10954A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ithemes:backupbuddy:2.1.4:*:*:*:*:*:*:*","matchCriteriaId":"A874CB8C-4A58-4C69-9E72-EA23DD8469CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ithemes:backupbuddy:2.2.4:*:*:*:*:*:*:*","matchCriteriaId":"C1C4CC48-3852-46C5-BCE3-3AD2AD752D9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ithemes:backupbuddy:2.2.25:*:*:*:*:*:*:*","matchCriteriaId":"0909EBD6-E9B9-4B3B-AAF8-65CA3D37D5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ithemes:backupbuddy:2.2.28:*:*:*:*:*:*:*","matchCriteriaId":"9A9D1686-F217-4765-AC5E-2048293FF44B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*","matchCriteriaId":"A77EB0E7-7FA7-4232-97DF-7C7587D163F1"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"2741","Ordinal":"1","Title":"CVE-2013-2741","CVE":"CVE-2013-2741","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"2741","Ordinal":"1","NoteData":"importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request.","Type":"Description","Title":"CVE-2013-2741"},{"CveYear":"2013","CveId":"2741","Ordinal":"2","NoteData":"2013-04-02","Type":"Other","Title":"Published"}]}}}