Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-7543Cross-site Scripting in Duplicator

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
1.4%
top 19.39%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Awesomemotive Duplicator
Timeline
PublishedMar 26
Latest updateMay 13

Description

Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-x5g3-xc68-hm4x: Cross-site scripting (XSS) vulnerability in installer/build/view2022-05-13
CVEList
CVE-2018-7543: Cross-site scripting (XSS) vulnerability in installer/build/view2018-03-26

💥Exploits & PoCs

1
Exploit-DB
WordPress Plugin Duplicator 1.2.32 - Cross-Site Scripting2018-03-15
CVE-2018-7543 — Cross-site Scripting in Duplicator | cvebase