Duplicator
This hub aggregates every CVE we track for Duplicator, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
11
CVEs tracked
2
Critical
5
High
1
In CISA KEV
Severity distribution
HIGH5MEDIUM4CRITICAL2
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 11 most recently published vulnerabilities affecting Duplicator.
- CVE-2018-25095Duplicator < 1.3.0 - Unauthenticated RCE9.8
- CVE-2023-6114Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure7.5
- CVE-2023-33309WordPress Duplicator Pro Plugin <= 4.5.11 is vulnerable to Cross Site Scripting (XSS)7.1
- CVE-2022-2552Duplicator < 1.4.7.1 - Unauthenticated System Information Disclosure5.3
- CVE-2022-2551Duplicator < 1.4.7 - Unauthenticated Backup Download7.5
- CVE-2020-11738The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.KEV7.5
- CVE-2018-17207An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php du...9.8
- CVE-2018-7543Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via...6.1
- CVE-2017-16815installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/buil...6.1
- CVE-2014-9262The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files.8.2
- CVE-2013-4625Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pa...4.3
Product normalization is registry-driven with AI assist and human review. How it works