Awesomemotive Duplicator
8 CVEs affecting Awesomemotive Duplicator. Latest disclosed: 2024-01-08. Critical: 2, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2018-25095 | Critical | 9.8 | 2024-01-08 | The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If thi… |
CVE-2018-17207 | Critical | 9.8 | 2018-09-19 | An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can… |
CVE-2023-6114 | High | 7.5 | 2023-12-26 | The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory… |
CVE-2022-2551 | High | 7.5 | 2022-08-22 | The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin… |
CVE-2020-11738 | High | 7.5 | 2020-04-13 | The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to du… |
CVE-2023-33309 | High | 7.1 | 2023-05-28 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Awesome Motive Duplicator Pro plugin <= 4.5.11 versions. |
CVE-2018-7543 | Medium | 6.1 | 2018-03-26 | Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to i… |
CVE-2022-2552 | Medium | 5.3 | 2022-08-22 | The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software… |