Vulnerabilities (CVE)

Filtered by vendor Snapcreek Subscribe

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-25095	1 Snapcreek	1 Duplicator	2024-01-11	N/A	9.8 CRITICAL
The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server.
CVE-2020-11738	1 Snapcreek	1 Duplicator	2022-07-10	5.0 MEDIUM	7.5 HIGH
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.
CVE-2018-17207	1 Snapcreek	1 Duplicator	2021-10-18	7.5 HIGH	9.8 CRITICAL
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.
CVE-2018-7543	1 Snapcreek	1 Duplicator	2021-10-18	4.3 MEDIUM	6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter.
CVE-2017-16815	1 Snapcreek	1 Duplicator	2017-11-30	4.3 MEDIUM	6.1 MEDIUM
installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly.
CVE-2014-9262	1 Snapcreek	1 Duplicator	2017-08-15	5.5 MEDIUM	8.2 HIGH
The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files.