RSS   Vulnerabilities for 'Duplicator'   RSS

2020-04-13
 
CVE-2020-11738

CWE-22
 

 
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.

 
2018-03-26
 
CVE-2018-7543

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter.

 
2017-11-14
 
CVE-2017-16815

CWE-79
 

 
installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly.

 
2017-08-07
 
CVE-2014-9262

 

 
The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files.

 


Copyright 2024, cxsecurity.com

 

Back to Top