WordPress Duplicator <1.4.7 - Authentication Bypass

WordPress Duplicator plugin before 1.4.7 is susceptible to authentication bypass. The plugin discloses the URL of the backup to unauthenticated visitors accessing the main installer endpoint. If the installer script has been run once by an administrator, this allows download of the full site back...

WordPress Duplicator 1.3.24 & 1.3.26 - Local File Inclusion

WordPress Duplicator 1.3.24 & 1.3.26 are vulnerable to local file inclusion vulnerabilities that could allow attackers to download arbitrary files, such as the wp-config.php file. According to the vendor, the vulnerability was only in two versions v1.3.24 and v1.3.26, the vulnerability wasn't...

EUVD-2018-19270

Malware in sbrugna...

WordPress Duplicator 3.8.8 Backup Disclosure

==================================================================================================================================== | Title : WordPress - Duplicator 3.8.8 Backup Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

WordPress Duplicator 1.4.7 Information Disclosure

Exploit Title: WordPress Plugin Duplicator 1.4.7 - Information Disclosure Google Dork: N/A Date: 07.27.2022 Exploit Author: SecuriTrust Vendor Homepage: https://snapcreek.com/ Software Link: https://wordpress.org/plugins/duplicator/ Version: = 1.4.7 Tested on: Linux, Windows CVE : CVE-2022-2552...

WordPress Duplicator 1.4.7 Plugin - Information Disclosure Vulnerability

Exploit Title: WordPress Plugin Duplicator 1.4.7 - Information Disclosure Exploit Author: SecuriTrust Vendor Homepage: https://snapcreek.com/ Software Link: https://wordpress.org/plugins/duplicator/ Version: = 1.4.7 Tested on: Linux, Windows CVE : CVE-2022-2552 Reference: https://securitrust.fr...

Wordpress Duplicator 1.3.26 Plugin - Unauthenticated Arbitrary File Read Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Duplicator File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in...

Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Duplicator File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in...

Duplicator Pro 1.3.14 Local Information Disclosure

Product: Duplicator Pro Vendor: SnapCreek Website: https://snapcreek.com/ Discovered by: Evolution Hosting Version vulnerable: = 1.3.14 Fixed in: 1.3.15+ Vulnerability Type: Information Disclosure, local exposure of entire webinstallation content remotely triggerable: not for itself. Needs wp adm...

CVE-2018-7543

Cross-site scripting XSS vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter...

CVE-2018-7543

CVE-2018-7543 is a cross-site scripting (XSS) vulnerability in the WordPress Duplicator plugin version 1.2.32. The issue lies in installer/build/view.step4.php where the json parameter can inject arbitrary JavaScript/HTML. Public references (Exploit-DB, PacketStorm, PatchStack) document a reflect...

CVE-2018-7543

Cross-site scripting XSS vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter...

WordPress Duplicator 1.2.32 Plugin - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title : Duplicator Wordpress Migration Plugin Reflected Cross Site Scripting XSS Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: https://snapcreek.com/ Software Link:...

WordPress Plugin Duplicator 1.2.32 - Cross-Site Scripting

WordPress Plugin Duplicator 1.2.32 - Cross-Site Scripting Exploit Title : Duplicator Wordpress Migration Plugin Reflected Cross Site Scripting XSS Date: 25-02-2018 Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: https://snapcreek.com/ Software Link:...

WordPress Plugin Duplicator 1.2.32 - Cross-Site Scripting

Exploit Title : Duplicator Wordpress Migration Plugin Reflected Cross Site Scripting XSS Date: 25-02-2018 Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: https://snapcreek.com/ Software Link: https://wordpress.org/plugins/duplicator/ Version: 1.2.32 CV...