Lucene search
Ricardo SanchezPATCHSTACK:FCA9BF36F77D52A9AA271324CD2DADD9HistoryNov 20, 2017 - 12:00 a.m.
WordPress Duplicator plugin <=1.2.28 – Stored Cross-Site Scripting (XSS) vulnerability
2017-11-2000:00:00
Ricardo Sanchez
patchstack.com
3
0.001 Low
EPSS
Percentile
35.4%
Stored Cross-Site Scripting (XSS) vulnerability found by Ricardo Sanchez in WordPress Duplicator plugin (versions <=1.2.28). The plugin is vulnerable due to incorrectly filtered values “url_new” and “logging”.
Solution
Update the WordPress Duplicator plugin to the latest available version (at least version 1.2.30).
| CPE | Name | Operator | Version |
|---|---|---|---|
| duplicator | le | 1.2.28 |
Related
openvas
openvas
WordPress Duplicator Plugin < 1.2.30 XSS Vulnerability
2017-11-17 00:00:00
nvd
nvd
CVE-2017-16815
2017-11-14 19:29:00
threatpost
threatpost
Old WordPress Plugin Being Exploited in RCE Attacks
2018-09-17 17:19:25
wpvulndb
wpvulndb
Duplicator <= 1.2.28 – Unauthenticated Stored Cross-Site Scripting (XSS)
2017-11-07 00:00:00
prion
prion
Design/Logic Flaw
2017-11-14 19:29:00
cve
cve
CVE-2017-16815
2022-10-03 16:23:21
cvelist
cvelist
CVE-2017-16815
2022-10-03 16:23:21