2 matches found
CVE-2018-25095 Duplicator < 1.3.0 - Unauthenticated RCE
The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server...
CVE-2018-25095
CVE-2018-25095 affects the Duplicator WordPress plugin prior to 1.3.0. The vulnerability arises from the installer script not properly escaping values when replacing them in WordPress configuration files, which could allow an attacker to execute arbitrary code on the server if the installer scrip...