CVE-2018-7543 – Duplicator <= 1.2.32 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-7543
Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter. WordPress Duplicator plugin version 1.2.32 suffers from a cross-site scripting vulnerability.
• https://www.exploit-db.com/exploits/44288
• https://snapcreek.com/duplicator/docs/changelog/?lite
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-16815 – Duplicator <= 1.2.28 – Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-16815
installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly.
• https://packetstormsecurity.com/files/144914/WordPress-Duplicator-Migration-1.2.28-Cross-Site-Scripting.html
• https://snapcreek.com/duplicator/docs/changelog
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-9262 – Duplicator < 0.5.10 - Arbitrary Backup Creation and Download
https://notcve.org/view.php?id=CVE-2014-9262
The Duplicator plugin in WordPress before 0.5.10 allows remote authenticated users to create and download backup files.
• https://www.exploit-db.com/exploits/36112
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-287: Improper Authentication