The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory (or the backups-dup-pro/tmp directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing...
7.5CVSS
7AI Score
0.016EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Awesome Motive Duplicator Pro plugin <= 4.5.11...
6.1CVSS
6.1AI Score
0.0005EPSS
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or...