
CVE-2023-6114

Published: 26/12/2023 Updated: 05/01/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The Duplicator WordPress plugin prior to 1.5.7.1 and the Duplicator Pro WordPress plugin prior to 4.5.14.2 do not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated malicious users to discover and access these sensitive files, which include a full database dump and a zip archive of the site.
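A local check a site owner can run for the condition described above, as an added example that is not part of the advisory or the plugin's code: it walks a web root for the two directory names from the summary and flags a `tmp` directory that holds files but has neither an index file nor an `.htaccess` containing `Options -Indexes`. Treating those two generic guards as the protection is an assumption, and the function names are hypothetical.

```python
import os
import re

# Directory names taken from the advisory text.
BACKUP_DIRS = ("backups-dup-lite", "backups-dup-pro")
INDEX_FILES = {"index.php", "index.html", "index.htm"}
# Generic Apache directive that turns listing off (assumed guard, not the plugin's own fix).
NO_INDEXES = re.compile(r"^\s*Options\b.*-Indexes", re.I | re.M)


def htaccess_blocks_listing(directory):
    """True if directory/.htaccess has an uncommented 'Options ... -Indexes' line."""
    path = os.path.join(directory, ".htaccess")
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return bool(NO_INDEXES.search(fh.read()))
    except OSError:
        return False


def audit_duplicator_tmp(web_root):
    """Return one finding per Duplicator tmp directory found under web_root."""
    findings = []
    for current, dirs, _files in os.walk(web_root):
        if os.path.basename(current) not in BACKUP_DIRS or "tmp" not in dirs:
            continue
        tmp = os.path.join(current, "tmp")
        entries = sorted(os.listdir(tmp))
        has_index = any(e.lower() in INDEX_FILES for e in entries)
        # An .htaccess in tmp itself or in the parent backup directory applies to tmp.
        guarded = (has_index or htaccess_blocks_listing(tmp)
                   or htaccess_blocks_listing(current))
        leftovers = [e for e in entries
                     if e.lower() not in INDEX_FILES and e != ".htaccess"]
        findings.append({
            "path": tmp,
            "listing_guarded": guarded,
            "leftover_files": leftovers,
            "at_risk": bool(leftovers) and not guarded,
        })
    return findings


if __name__ == "__main__":
    import sys
    for f in audit_duplicator_tmp(sys.argv[1] if len(sys.argv) > 1 else "."):
        state = "AT RISK" if f["at_risk"] else "ok"
        print(f"{state}: {f['path']} guarded={f['listing_guarded']} files={f['leftover_files']}")
```

The check only sees per-directory guards, so a server that disables listing globally, or nginx, which ignores `.htaccess`, has to be verified in the server configuration instead.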

Vulnerable Product

awesomemotive duplicator

Vendor Advisories

Check Point Reference: CPAI-2023-1606 Date Published: 31 Mar 2024 Severity: High ...

Exploits

WordPress Duplicator plugin versions prior to 1.5.7.1 suffer from an unauthenticated sensitive data exposure vulnerability that can lead to account takeover ...