Awesomemotive Duplicator — known CVE vulnerabilities
Every CVE whose affected-product data names Awesomemotive Duplicator, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2018-25095 — CVSS 9.8 (critical): The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress…
CVE-2018-17207 — CVSS 9.8 (critical): An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and…
CVE-2022-2551 — CVSS 7.5 (high): The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer…
CVE-2023-6114 — CVSS 7.5 (high): The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the…
CVE-2023-33309 — CVSS 7.1 (high): Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Awesome Motive Duplicator Pro plugin <= 4.5.11 versions.
CVE-2018-7543 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows…
CVE-2022-2552 — CVSS 5.3 (medium): The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system…