Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More

Information

Software Type Plugin
Software Slug duplicator (view on wordpress.org)
Software Status Active
Software Author smub
Software Website duplicator.com
Software Downloads 45,992,760
Software Active Installs 1,000,000
Software Record Last Updated December 12, 2024

15 Vulnerabilities

8.8
CVE ID Unknown
Apr 10, 2015
Researcher: Claudio Viviani
6.5
CVE ID Unknown
Feb 9, 2016
Researcher: Ratiosec
Title Status CVE ID CVSS Researchers Date
Duplicator < 1.3.0 - Unauthenticated Remote Code Execution Patched CVE-2018-25095 9.8 Jeremy Lim December 15, 2023
Duplicator <= 1.5.7 AND Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Information Exposure Patched CVE-2023-6114 9.8 Dmitrii Ignatyev December 4, 2023
Duplicator – WordPress Migration Plugin <= 1.4.7 - Unauthenticated Backup Download Patched CVE-2022-2551 9.8 SecuriTrust July 27, 2022
Duplicator <= 1.2.41 - Sensitive Information Disclosure leading to Remote Code Execution Patched CVE-2018-17207 9.8 Thomas Chauchefoin, Julien Legras August 29, 2018
Duplicator <= 0.5.14 - SQL Injection Patched 8.8 Claudio Viviani April 10, 2015
Duplicator < 0.5.10 - Arbitrary Backup Creation and Download Patched CVE-2014-9262 8.2 Kacper Szurek February 19, 2015
Duplicator – WordPress Migration Plugin <= 1.4.7 - Sensitive Information Disclosure Patched CVE-2022-2552 7.5 SecuriTrust July 27, 2022
Duplicator < 1.3.28 - Directory Traversal Patched CVE-2020-11738 7.5 nam3lum February 28, 2020
Duplicator < 1.1.4 - Cross-Site Request Forgery Patched 6.5 Ratiosec February 9, 2016
Duplicator <= 1.2.32 - Cross-Site Scripting Patched CVE-2018-7543 6.1 March 15, 2018
Duplicator <= 1.2.28 – Unauthenticated Stored Cross-Site Scripting Patched CVE-2017-16815 6.1 November 7, 2017
Duplicator – WordPress Migration Plugin <= 0.4.4 - Cross-Site Scripting Patched CVE-2013-4625 6.1 High-Tech Bridge Security Research Lab August 1, 2014
Duplicator <= 0.5.26 - Authenticated (Admin+) Cross-Site Scripting Patched 5.5 Marcin Probola August 15, 2015
Duplicator <= 1.5.9 - Full Path Disclosure Patched CVE-2024-6210 5.3 stealthcopter July 10, 2024
Duplicator <= 1.5.7 - Cross-Site Request Forgery via views/tools/diagnostics/information.php Patched CVE-2023-51681 4.3 Rafie Muhammad December 27, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation