CVE-2026-2301

The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the duplicatepost function in includes/api.php using $wpdb-insert directly to the wppostmeta table instead of WordPress's...

CVE-2026-2301

The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the duplicatepost function in includes/api.php using $wpdb-insert directly to the wppostmeta table instead of WordPress's...

CVE-2021-33852

A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or th...

EUVD-2014-9087

Malware in sbrugna...

EUVD-2021-20526

Malware in sbrugna...

EUVD-2018-13847

Malware in sbrugna...

EUVD-2013-4481

Malware in sbrugna...

EUVD-2024-47346

Malicious code in bioql PyPI...

EUVD-2023-56381

Malicious code in bioql PyPI...

CVE-2023-6114

The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory listing is...

CVE-2023-51681

Cross-Site Request Forgery CSRF vulnerability in Duplicator Duplicator – WordPress Migration & Backup Plugin.This issue affects Duplicator – WordPress Migration & Backup Plugin: from n/a through 1.5.7...

CVE-2022-2552

The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site...

CVE-2022-2551

The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating...

CVE-2017-16815

installer.php in the Snap Creek Duplicator WordPress Site Migration & Backup plugin before 1.2.30 for WordPress has XSS because the values "urlnew" /wp-content/plugins/duplicator/installer/build/view.step4.php and "logging" wp-content/plugins/duplicator/installer/build/view.step2.php are not...

CVE-2018-25095

The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server...

CVE-2025-27282 WordPress Theme File Duplicator Plugin <= 1.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator theme-file-duplicator allows Using Malicious Files.This issue affects Theme File Duplicator: from n/a through = 1.3...

CVE-2025-31845 WordPress Theme Duplicator Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Rohit Choudhary Theme Duplicator allows Cross Site Request Forgery. This issue affects Theme Duplicator: from n/a through 1.1...

CVE-2025-31845 WordPress Theme Duplicator Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Rohit Choudhary Theme Duplicator theme-duplicator allows Cross Site Request Forgery.This issue affects Theme Duplicator: from n/a through = 1.1...

CVE-2025-24736 WordPress Post Duplicator plugin <= 2.35 - Broken Access Control vulnerability

Missing Authorization vulnerability in metaphorcreations Post Duplicator post-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Duplicator: from n/a through = 2.35...

WordPress Duplicator plugin <= 1.5.9 - Full Path Disclosure vulnerability

Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Duplicator versions = 1.5.9...