93 matches found
CVE-2014-9262
The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files...
Design/Logic Flaw
The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files...
CVE-2014-9262
The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files...
CVE-2014-9262
The WordPress Duplicator plugin is affected: versions before 0.5.10 allow remote authenticated users to create and download backup files. This represents a privilege/permission issue that can expose site data. Impact is limited to authenticated users and backups; no mention of remote unauthentica...
WordPress Duplicator plugin cross-site request forgery vulnerability
WordPress is the WordPress Software Foundation's suite of blogging platforms developed using the PHP language, which supports the hosting of personal blog sites on servers running PHP and MySQL.Duplicator is one of the extension plugins used to migrate/clone a site to another location. A cross-si...
WordPress Duplicator Plugin <= 1.1.3 - Cross Site Request Forgery
This plugin is prone to a cross site request forgery vulnerability. Solution Update the plugin...
WordPress plugin Duplicator views/actions.php duplicator_delid parameter SQL injection vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL.Duplicator Plugin for WordPress is a plugin for WordPress. Duplicator Plugin for WordPress views/actions.php script handles a...
Duplicator <= 0.5.14 - SQL Injection & CSRF
An authorised user with "export" permission or a remote unauthenticated attacker could use this vulnerability to execute arbitrary SQL queries on the victim WordPress web site by enticing an authenticated admin CSRF. PoC http://www.example.com/wp-admin/admin-ajax.php?action=duplicatorpackagedelet...
CVE-2013-4625
Cross-site scripting XSS vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter...
CVE-2013-4625
Cross-site scripting XSS vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter...
CVE-2013-4625
The CVE-2013-4625 entry concerns WordPress Duplicator Plugin (vulnerable up to 0.4.4, fixed in 0.4.5). The vulnerability is an XSS in files/installer.cleanup.php where the package parameter is insufficiently sanitized, allowing remote attackers to inject arbitrary script/HTML. Evidence from multi...
WordPress Duplicator 0.4.4 Cross Site Scripting
No description provided by source. Advisory ID: HTB23162 Product: Duplicator WordPress Plugin Vendor: LifeInTheGrid Vulnerable Versions: 0.4.4 and probably prior Tested Version: 0.4.4 Vendor Notification: June 19, 2013 Vendor Patch: July 21, 2013 Public Disclosure: July 24, 2013 Vulnerability Typ...