Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Awesome Motive Duplicator Pro plugin <= 4.5.11 versions.
7.1CVSS
6AI Score
0.0005EPSS
The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory (or the backups-dup-pro/tmp directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is...
7.5CVSS
7.5AI Score
0.011EPSS