⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2020-11738Path Traversal in Duplicator

CWE-22Path Traversal8 documents7 sources
Severity
7.5HIGHNVD
EPSS
94.1%
top 0.09%
CISA KEV
KEV
Added 2021-11-03
Due 2022-05-03
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Awesomemotive Duplicator
Timeline
PublishedApr 13
KEV addedNov 3
KEV dueMay 3
Latest updateMay 24
CISA Required Action: Apply updates per vendor instructions.

Description

The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDawesomemotive/duplicator< 1.3.28+1

🔴Vulnerability Details

3
GHSA
GHSA-wfr8-hp36-c4v2: The Snap Creek Duplicator plugin before 12022-05-24
CVEList
CVE-2020-11738: The Snap Creek Duplicator plugin before 12020-04-13
VulnCheck
WordPress Snap Creek Duplicator Plugin File Download Vulnerability2020

💥Exploits & PoCs

3
Exploit-DB
Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read2021-10-18
Exploit-DB
Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (Metasploit)2020-12-18
Nuclei
WordPress Duplicator 1.3.24 & 1.3.26 - Local File Inclusion

📋Vendor Advisories

1
CISA
WordPress Snap Creek Duplicator Plugin File Download Vulnerability2021-11-03
CVE-2020-11738 — Path Traversal in Duplicator | cvebase