93 matches found
WordPress Duplicator plugin <= 1.5.9 - Full Path Disclosure vulnerability
Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Duplicator versions = 1.5.9...
CVE-2024-6210
The Duplicator plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify...
CVE-2024-6210 Duplicator <= 1.5.9 - Full Path Disclosure
The Duplicator plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify...
CVE-2024-6210
Technical details (affected versions, root cause, exploit vectors, and fix specifics) are not publicly provided in the supplied documents. Monitor for updates from vendors and CVE records.
CVE-2024-6210 Duplicator <= 1.5.9 - Full Path Disclosure
The Duplicator plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify...
WordPress plugin Duplicator security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress Duplicator Plugin <= 1.5.9 is vulnerable to Full Path Disclosure (FPD)
Software Duplicator Type Plugin Vulnerable versions = 1.5.9 Fixed in 1.5.10 OWASP Top 10 A5: Security Misconfiguration Classification Full Path Disclosure FPD CVE CVE-2024-6210 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d4d879d29752 Credits stealthcopter Required...
PT-2024-37453 · WordPress · Duplicator
Name of the Vulnerable Software and Affected Versions: Duplicator plugin for WordPress versions up to, and including, 1.5.9 Description: The issue allows unauthenticated attackers to obtain the full path to instances, which may be used in combination with other vulnerabilities or to simplify...
VulnCheck KEV: CVE-2023-6114
The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory...
WordPress Duplicator Plugin < 1.5.7.1 - Unauthenticated Sensitive Data Exposure Account Takeover
Exploit Title: WordPress Plugin Duplicator 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover Google Dork: inurl:"plugins/duplicator/" Date: 2023-12-04 Exploit Author: Dmitrii Ignatyev Vendor Homepage:...
CVE-2023-51681 WordPress Duplicator Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Duplicator Duplicator – WordPress Migration & Backup Plugin.This issue affects Duplicator – WordPress Migration & Backup Plugin: from n/a through 1.5.7...
PT-2024-14239 · WordPress · Duplicator – Wordpress Migration & Backup Plugin
Name of the Vulnerable Software and Affected Versions: Duplicator – WordPress Migration & Backup Plugin versions 1.5.7 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the Duplicator – WordPress Migration & Backup Plugin. This issue allows for malicious requests to be made...
CVE-2018-25095
The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server...
CVE-2018-25095 Duplicator < 1.3.0 - Unauthenticated RCE
The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server...
PT-2024-10615
Name of the Vulnerable Software and Affected Versions Duplicator WordPress plugin versions prior to 1.3.0 Description The issue arises from the Duplicator WordPress plugin's installer script not properly escaping values when replacing them in WordPress configuration files. This could allow...
WordPress Duplicator Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Duplicator Type Plugin Vulnerable versions = 1.5.7 Fixed in 1.5.7.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-51681 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4d04c1cffc59 Credits Rafie Muhammad...
CVE-2023-6114
The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory listing is...
WordPress Plugin Duplicator Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2023-32523 · WordPress · Duplicator +1
Name of the Vulnerable Software and Affected Versions: Duplicator WordPress plugin versions prior to 1.5.7.1 Duplicator Pro WordPress plugin versions prior to 4.5.14.2 Description: The issue concerns the Duplicator WordPress plugin and its Pro version, where the backups-dup-lite/tmp directory or...
CVE-2016-15027
A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress. It has been classified as problematic. Affected is the function mtphrpostduplicatornotice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is...