Medium severity6.1NVD Advisory· Published Nov 14, 2017· Updated Jun 17, 2026
CVE-2017-16815
CVE-2017-16815
Description
installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:snapcreek:duplicator:1.2.28:*:*:*:*:wordpress:*:*+ 1 more
- cpe:2.3:a:snapcreek:duplicator:1.2.28:*:*:*:*:wordpress:*:*
- (no CPE)range: <1.2.30
Patches
Vulnerability mechanics
References
2- packetstormsecurity.com/files/144914/WordPress-Duplicator-Migration-1.2.28-Cross-Site-Scripting.htmlnvdThird Party AdvisoryVDB Entry
- snapcreek.com/duplicator/docs/changelognvdRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.