ThreatPress

WordPress Vulnerabilities Database

WordPress Duplicator plugin <= 1.3.26 - Unauthenticated Arbitrary File Download vulnerability

Product
Duplicator
Description
An unauthenticated arbitrary file download vulnerability was found in the WordPress Duplicator plugin (versions <= 1.3.26).
Solution
Update the WordPress Duplicator plugin to the latest available version (at least 1.3.28).
Classification
Type BYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 1.3.26
Fixed In 1.3.28
Disclosure date
2020-02-20
Submitter
ThreatPress