CVE-2023-51681

Cross-Site Request Forgery CSRF vulnerability in Duplicator Duplicator – WordPress Migration & Backup Plugin.This issue affects Duplicator – WordPress Migration & Backup Plugin: from n/a through 1.5.7...

CVE-2018-25095

The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server...

Code injection

The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server...

CVE-2018-25095 Duplicator < 1.3.0 - Unauthenticated RCE

The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server...

CVE-2022-2552

The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site...

CVE-2022-2551

CVE-2022-2551 affects WordPress Duplicator plugin versions prior to 1.4.7. The vulnerability is an authentication bypass that causes the plugin to disclose the backup URL to unauthenticated users who access the main installer endpoint, enabling download of the full site backup without authenticat...

Cross-Site Scripting &#40;XSS&#41; in Duplicator WordPress Plugin

Advisory ID: HTB23162 Product: Duplicator WordPress Plugin Vendor: LifeInTheGrid Vulnerable Versions: 0.4.4 and probably prior Tested Version: 0.4.4 Vendor Notification: June 19, 2013 Vendor Patch: July 21, 2013 Public Disclosure: July 24, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...