Duplicator – WordPress Migration & Backup Plugin

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Duplicator – WordPress Migration & Backup Plugin

Information

Software Type Plugin
Software Slug duplicator (view on wordpress.org)
Software Status Active
Software Author smub
Software Website duplicator.com
Software Downloads 41,974,742
Software Active Installs 1,000,000
Software Record Last Updated May 11, 2024

14 Vulnerabilities

Duplicator <= 1.5.7 - Cross-Site Request Forgery via views/tools/diagnostics/information.php
4.3
CVE-2023-51681
Dec 27, 2023
Researcher: Rafie Muhammad
Duplicator < 1.3.0 - Unauthenticated Remote Code Execution
9.8
CVE-2018-25095
Dec 15, 2023
Researcher: Jeremy Lim
Duplicator <= 1.5.7 AND Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Information Exposure
9.8
CVE-2023-6114
Dec 4, 2023
Researcher: Dmitrii Ignatyev
Duplicator – WordPress Migration Plugin <= 1.4.7 - Sensitive Information Disclosure
7.5
CVE-2022-2552
Jul 27, 2022
Researcher: SecuriTrust
Duplicator – WordPress Migration Plugin <= 1.4.7 - Unauthenticated Backup Download
9.8
CVE-2022-2551
Jul 27, 2022
Researcher: SecuriTrust
Duplicator < 1.3.28 - Directory Traversal
7.5
CVE-2020-11738
Feb 28, 2020
Researcher: nam3lum
Duplicator <= 1.2.41 - Sensitive Information Disclosure leading to Remote Code Execution
9.8
CVE-2018-17207
Aug 29, 2018
Researchers: Thomas Chauchefoin, Julien Legras
Duplicator <= 1.2.32 - Cross-Site Scripting
6.1
CVE-2018-7543
Mar 15, 2018
Researchers:
Duplicator <= 1.2.28 – Unauthenticated Stored Cross-Site Scripting
6.1
CVE-2017-16815
Nov 7, 2017
Researchers:
Duplicator < 1.1.4 - Cross-Site Request Forgery
6.5
CVE ID Unknown
Feb 9, 2016
Researcher: Ratiosec
Duplicator <= 0.5.26 - Authenticated (Admin+) Cross-Site Scripting
5.5
CVE ID Unknown
Aug 15, 2015
Researcher: Marcin Probola
Duplicator <= 0.5.14 - SQL Injection
8.8
CVE ID Unknown
Apr 10, 2015
Researcher: Claudio Viviani
Duplicator < 0.5.10 - Arbitrary Backup Creation and Download
8.2
CVE-2014-9262
Feb 19, 2015
Researcher: Kacper Szurek
Duplicator – WordPress Migration Plugin <= 0.4.4 - Cross-Site Scripting
6.1
CVE-2013-4625
Aug 1, 2014
Researcher: High-Tech Bridge Security Research Lab
Title CVE ID CVSS Researchers Date
Duplicator <= 1.5.7 - Cross-Site Request Forgery via views/tools/diagnostics/information.php CVE-2023-51681 4.3 Rafie Muhammad December 27, 2023
Duplicator < 1.3.0 - Unauthenticated Remote Code Execution CVE-2018-25095 9.8 Jeremy Lim December 15, 2023
Duplicator <= 1.5.7 AND Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Information Exposure CVE-2023-6114 9.8 Dmitrii Ignatyev December 4, 2023
Duplicator – WordPress Migration Plugin <= 1.4.7 - Sensitive Information Disclosure CVE-2022-2552 7.5 SecuriTrust July 27, 2022
Duplicator – WordPress Migration Plugin <= 1.4.7 - Unauthenticated Backup Download CVE-2022-2551 9.8 SecuriTrust July 27, 2022
Duplicator < 1.3.28 - Directory Traversal CVE-2020-11738 7.5 nam3lum February 28, 2020
Duplicator <= 1.2.41 - Sensitive Information Disclosure leading to Remote Code Execution CVE-2018-17207 9.8 Thomas Chauchefoin, Julien Legras August 29, 2018
Duplicator <= 1.2.32 - Cross-Site Scripting CVE-2018-7543 6.1 March 15, 2018
Duplicator <= 1.2.28 – Unauthenticated Stored Cross-Site Scripting CVE-2017-16815 6.1 November 7, 2017
Duplicator < 1.1.4 - Cross-Site Request Forgery 6.5 Ratiosec February 9, 2016
Duplicator <= 0.5.26 - Authenticated (Admin+) Cross-Site Scripting 5.5 Marcin Probola August 15, 2015
Duplicator <= 0.5.14 - SQL Injection 8.8 Claudio Viviani April 10, 2015
Duplicator < 0.5.10 - Arbitrary Backup Creation and Download CVE-2014-9262 8.2 Kacper Szurek February 19, 2015
Duplicator – WordPress Migration Plugin <= 0.4.4 - Cross-Site Scripting CVE-2013-4625 6.1 High-Tech Bridge Security Research Lab August 1, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation