Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure

The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory listing is...

EUVD-2023-37472

Malicious code in bioql PyPI...

CVE-2023-33309

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Awesome Motive Duplicator Pro plugin = 4.5.11 versions...

PT-2023-32523 · WordPress · Duplicator +1

Name of the Vulnerable Software and Affected Versions: Duplicator WordPress plugin versions prior to 1.5.7.1 Duplicator Pro WordPress plugin versions prior to 4.5.14.2 Description: The issue concerns the Duplicator WordPress plugin and its Pro version, where the backups-dup-lite/tmp directory or...

CVE-2023-33309

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Awesome Motive Duplicator Pro plugin = 4.5.11 versions...

CVE-2023-33309

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Awesome Motive Duplicator Pro plugin = 4.5.11 versions...

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Awesome Motive Duplicator Pro plugin = 4.5.11 versions...

CVE-2023-33309

CVE-2023-33309 refers to an unauthenticated, reflected XSS in the Duplicator Pro WordPress plugin up to version 4.5.11. The vulnerability is triggered via input that is reflected in the plugin’s response, enabling potentially injected script execution in a victim’s browser. Public sources in the ...

CVE-2023-33309 WordPress Duplicator Pro Plugin <= 4.5.11 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Awesome Motive Duplicator Pro plugin = 4.5.11 versions...

CVE-2023-33309 WordPress Duplicator Pro Plugin <= 4.5.11 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Awesome Motive Duplicator Pro plugin = 4.5.11 versions...

PT-2023-24280 · WordPress · Duplicator Pro

Name of the Vulnerable Software and Affected Versions: Duplicator Pro plugin versions = 4.5.11 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to...

WordPress plugin Duplicator Pro 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Duplicator Pro Plugin <= 4.5.11 is vulnerable to Cross Site Scripting (XSS)

Software Duplicator Pro Type Plugin Vulnerable versions = 4.5.11 Fixed in 4.5.11.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-33309 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d61102a3e8cc Credits Rafie Muhammad...

Duplicator Pro < 4.5.11.1 - Unauthenticated Reflected XSS

The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin...

WordPress Duplicator / Duplicator Pro Plugin Installer File Exposed (HTTP)

One or more installer files of the WordPress plugins Duplicator / Duplicator Pro are exposed on the target system. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

VulnCheck KEV: CVE-2020-11738

WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the generated files from their Wordpress dashboard. This vulnerability affects Duplicator and Dulplicator Pro...

WordPress Snap Creek Duplicator and Duplicator Pro Path Traversal Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Snap Creek Duplicator is one of the WordPress site migration plugins used in it. A path traversal vulnerability exists in WordPress Sna...

CVE-2020-11738

The Snap Creek Duplicator plugin before 1.3.28 for WordPress and Duplicator Pro before 3.8.7.1 allows Directory Traversal via ../ in the file parameter to duplicatordownload or duplicatorinit...

Duplicator Pro 1.3.14 Local Information Disclosure

Product: Duplicator Pro Vendor: SnapCreek Website: https://snapcreek.com/ Discovered by: Evolution Hosting Version vulnerable: = 1.3.14 Fixed in: 1.3.15+ Vulnerability Type: Information Disclosure, local exposure of entire webinstallation content remotely triggerable: not for itself. Needs wp adm...