Duplicator
by Snapcreek
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-11738 | Hig | 0.72 | 7.5 | 0.98 | KEV | Apr 13, 2020 | The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init. | |
| CVE-2018-17207 | Cri | 0.71 | 9.8 | 0.58 | Sep 19, 2018 | An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution. | ||
| CVE-2014-9262 | Hig | 0.57 | 8.2 | 0.07 | Aug 7, 2017 | The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files. | ||
| CVE-2017-16815 | Med | 0.40 | 6.1 | 0.01 | Nov 14, 2017 | installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view… | ||
| CVE-2013-4625 | 0.04 | — | 0.11 | Aug 9, 2013 | Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter. |
- risk 0.72cvss 7.5epss 0.98
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.
- risk 0.71cvss 9.8epss 0.58
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.
- risk 0.57cvss 8.2epss 0.07
The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files.
- risk 0.40cvss 6.1epss 0.01
installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view…
- CVE-2013-4625Aug 9, 2013risk 0.04cvss —epss 0.11
Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.