Duplicator – WordPress Migration & Backup Plugin, CVE-2020-11738

CVE, Research URL: CVE-2020-11738
Home page URL: Security reports for Duplicator – WordPress Migration & Backup Plugin
Application: Duplicator – WordPress Migration & Backup Plugin
Published on: Apr 14, 2020
Research Description: The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.
Affected versions: Min -, max 1.3.28.
Status: vulnerable

Duplicator &#8211; WordPress Migration &amp; Backup Plugin, CVE-2020-11738