VYPR

Duplicator

by Snapcreek

CVEs (5)

  • CVE-2020-11738HigKEVApr 13, 2020
    risk 0.72cvss 7.5epss 0.98

    The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.

  • CVE-2018-17207CriSep 19, 2018
    risk 0.71cvss 9.8epss 0.58

    An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.

  • CVE-2014-9262HigAug 7, 2017
    risk 0.57cvss 8.2epss 0.07

    The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files.

  • CVE-2017-16815MedNov 14, 2017
    risk 0.40cvss 6.1epss 0.01

    installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view…

  • CVE-2013-4625Aug 9, 2013
    risk 0.04cvss epss 0.11

    Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.