Awesomemotive Duplicator

8 CVEs affecting Awesomemotive Duplicator. Latest disclosed: 2024-01-08. Critical: 2, High: 4.

Top CVEs affecting Awesomemotive Duplicator
CVESeverityScorePublishedSummary
CVE-2018-25095Critical9.82024-01-08The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If thi…
CVE-2018-17207Critical9.82018-09-19An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can…
CVE-2023-6114High7.52023-12-26The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory…
CVE-2022-2551High7.52022-08-22The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin…
CVE-2020-11738High7.52020-04-13The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to du…
CVE-2023-33309High7.12023-05-28Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Awesome Motive Duplicator Pro plugin <= 4.5.11 versions.
CVE-2018-7543Medium6.12018-03-26Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to i…
CVE-2022-2552Medium5.32022-08-22The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software…