Awesomemotive: >> Duplicator >> 1.0.17.1 Security Vulnerabilities
The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.
CVSS Score
7.5
EPSS Score
0.613
Published
2023-12-26
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Awesome Motive Duplicator Pro plugin <= 4.5.11 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-05-28
CVE-2020-11738
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.
Known exploited
CVSS Score
7.5
EPSS Score
0.943
Published
2020-04-13