The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.

The WordPress application running on the remote host has a version of the 'Duplicator' plugin that is affected by a directory traversal vulnerability in the duplicator_download and duplicator_init functions due to improper validation of user supplied input. An unauthenticated, remote attacker can exploit this issue by sending a specially crafted request to download arbitrary files.

The WordPress application running on the remote host has a version of the 'Duplicator' plugin that is prior to 1.3.28 and, thus, is affected by an unauthenticated arbitrary file download vulnerability that can allow the attackers to download 'wp-config.php' and steal database credentials.

The WordPress Duplicator Plugin installed on the remote host is affected by an unauthenticated arbitrary file download vulnerability due to improper access controls.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
140193	WordPress Plugin 'Duplicator' Directory Traversal (CVE-2020-11738)	Nessus	CGI abuses	high
133846	WordPress Plugin 'Duplicator' < 1.3.28 Unauthenticated Arbitrary File Download	Nessus	CGI abuses	high
98941	Duplicator Plugin for WordPress < 1.3.28 Arbitrary File Download	Web App Scanning	Component Vulnerability	high

Detections

Analytics

CVE-2020-11738

high

Tenable Plugins

high

high

high