Vulnerability Details CVE-2017-16815
installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.5%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://packetstormsecurity.com/files/144914/WordPress-Duplicator-Migration-1.2.28-Cross-Site-Scripting.html
- https://snapcreek.com/duplicator/docs/changelog
- https://packetstormsecurity.com/files/144914/WordPress-Duplicator-Migration-1.2.28-Cross-Site-Scripting.html
- https://snapcreek.com/duplicator/docs/changelog
Products affected by CVE-2017-16815
-
cpe:2.3:a:snapcreek:duplicator:1.2.28