Lucene search
K

93 matches found

Patchstack
Patchstack
added 2024/07/11 6:27 a.m.8 views

WordPress Duplicator plugin <= 1.5.9 - Full Path Disclosure vulnerability

Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Duplicator versions = 1.5.9...

5.3CVSS7AI score0.00579EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/07/11 3:15 a.m.32 views

CVE-2024-6210

The Duplicator plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify...

5.3CVSS0.00579EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/07/11 2:3 a.m.17 views

CVE-2024-6210 Duplicator <= 1.5.9 - Full Path Disclosure

The Duplicator plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify...

5.3CVSS6.7AI score0.00579EPSS
Exploits0References3
CVE
CVE
added 2024/07/11 2:3 a.m.113 views

CVE-2024-6210

Technical details (affected versions, root cause, exploit vectors, and fix specifics) are not publicly provided in the supplied documents. Monitor for updates from vendors and CVE records.

5.3CVSS5.7AI score0.00579EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/07/11 2:3 a.m.44 views

CVE-2024-6210 Duplicator <= 1.5.9 - Full Path Disclosure

The Duplicator plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify...

5.3CVSS0.00579EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/07/11 12:0 a.m.7 views

WordPress plugin Duplicator security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.3CVSS6.6AI score0.00579EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/07/11 12:0 a.m.24 views

WordPress Duplicator Plugin <= 1.5.9 is vulnerable to Full Path Disclosure (FPD)

Software Duplicator Type Plugin Vulnerable versions = 1.5.9 Fixed in 1.5.10 OWASP Top 10 A5: Security Misconfiguration Classification Full Path Disclosure FPD CVE CVE-2024-6210 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d4d879d29752 Credits stealthcopter Required...

5.3CVSS6.6AI score0.00579EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/10 12:0 a.m.13 views

PT-2024-37453 · WordPress · Duplicator

Name of the Vulnerable Software and Affected Versions: Duplicator plugin for WordPress versions up to, and including, 1.5.9 Description: The issue allows unauthenticated attackers to obtain the full path to instances, which may be used in combination with other vulnerabilities or to simplify...

5.3CVSS6.8AI score0.00579EPSS
Exploits0References8
VulnCheck KEV
VulnCheck KEV
added 2024/04/11 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-6114

The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory...

7.5CVSS7.1AI score0.30894EPSS
Exploits5References1
0day.today
0day.today
added 2024/03/11 12:0 a.m.379 views

WordPress Duplicator Plugin < 1.5.7.1 - Unauthenticated Sensitive Data Exposure Account Takeover

Exploit Title: WordPress Plugin Duplicator 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover Google Dork: inurl:"plugins/duplicator/" Date: 2023-12-04 Exploit Author: Dmitrii Ignatyev Vendor Homepage:...

7.5CVSS7.7AI score0.30894EPSS
Exploits5
Vulnrichment
Vulnrichment
added 2024/02/28 4:41 p.m.9 views

CVE-2023-51681 WordPress Duplicator Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Duplicator Duplicator – WordPress Migration & Backup Plugin.This issue affects Duplicator – WordPress Migration & Backup Plugin: from n/a through 1.5.7...

6.5CVSS7AI score0.00252EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.11 views

PT-2024-14239 · WordPress · Duplicator – Wordpress Migration & Backup Plugin

Name of the Vulnerable Software and Affected Versions: Duplicator – WordPress Migration & Backup Plugin versions 1.5.7 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the Duplicator – WordPress Migration & Backup Plugin. This issue allows for malicious requests to be made...

6.5CVSS7AI score0.00252EPSS
Exploits0References6
OSV
OSV
added 2024/01/08 7:15 p.m.4 views

CVE-2018-25095

The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server...

9.8CVSS5.8AI score0.00916EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/01/08 7:0 p.m.11 views

CVE-2018-25095 Duplicator < 1.3.0 - Unauthenticated RCE

The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server...

9.6AI score0.00916EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/01/08 12:0 a.m.7 views

PT-2024-10615

Name of the Vulnerable Software and Affected Versions Duplicator WordPress plugin versions prior to 1.3.0 Description The issue arises from the Duplicator WordPress plugin's installer script not properly escaping values when replacing them in WordPress configuration files. This could allow...

9.8CVSS8.9AI score0.00916EPSS
Exploits2References3
Patchstack
Patchstack
added 2023/12/27 12:0 a.m.7 views

WordPress Duplicator Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Duplicator Type Plugin Vulnerable versions = 1.5.7 Fixed in 1.5.7.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-51681 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4d04c1cffc59 Credits Rafie Muhammad...

6.5CVSS6.6AI score0.00252EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/12/26 7:15 p.m.5 views

CVE-2023-6114

The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory listing is...

7.5CVSS5.9AI score0.30894EPSS
Exploits5References2
CNNVD
CNNVD
added 2023/12/26 12:0 a.m.8 views

WordPress Plugin Duplicator Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.5CVSS6.8AI score0.30894EPSS
Exploits5References3
Positive Technologies
Positive Technologies
added 2023/12/14 12:0 a.m.7 views

PT-2023-32523 · WordPress · Duplicator +1

Name of the Vulnerable Software and Affected Versions: Duplicator WordPress plugin versions prior to 1.5.7.1 Duplicator Pro WordPress plugin versions prior to 4.5.14.2 Description: The issue concerns the Duplicator WordPress plugin and its Pro version, where the backups-dup-lite/tmp directory or...

7.5CVSS7.5AI score0.30894EPSS
Exploits5References9
NVD
NVD
added 2023/02/20 5:15 p.m.15 views

CVE-2016-15027

A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress. It has been classified as problematic. Affected is the function mtphrpostduplicatornotice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is...

6.1CVSS4.5AI score0.00633EPSS
Exploits0References4
Rows per page
Query Builder