What the vulnerability does
01Description
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.
CVSS base score
CVSS vector
CVSS:3.0/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N
What the vulnerability does
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.
CISA mandated remediation
Apply updates per vendor instructions.
Key dates
External resources