The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory (or the backups-dup-pro/tmp directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing...
7.5CVSS
7.5AI Score
0.013EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Awesome Motive Duplicator Pro plugin <= 4.5.11...
7.1CVSS
6AI Score
0.001EPSS
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or...