WordPress Duplicator plugin <= 1.2.40 - Arbitrary Code Execution vulnerability

duplicator

Software
Duplicator
Versions
<= 1.2.40
Disclosure date
2018-09-05
CVE
CVE-N/A
References
Credits
Classification
Arbitrary Code Execution
OWASP Top 10
A1: Injection

Are your websites subject to this vulnerability?

Details

Arbitrary Code Execution vulnerability found in WordPress Duplicator plugin (versions <= 1.2.40).

Solution

Update the WordPress Duplicator plugin to the latest available version (at least 1.2.42).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.