CVE-2020-11738 HIGH

CVE-2020-11738

Vendor N/A
Product n/a
KEV Status Known Exploited
Published April 13, 2020
Last update January 12, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N

What the vulnerability does

01Description

The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

April 13, 2020 CVE published
January 12, 2026 Record updated