ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Duplicator Plugin <= 0.5.14 - SQL Injection and CSRF

Product
Duplicator
Description
Duplicator plugin is prone to an SQL injection and cross-site request forgery vulnerabilities that allow an attacker to get an authenticated admin by executing arbitrary SQL queries.
Solution
Upgrade the plugin.
Classification
Type Multi
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 0.5.14
Fixed In 0.5.15
Disclosure date
2015-04-13
Credits
Claudio Viviani