Online WordPress Duplicator plugin Directory Traversal Vulnerability CVE-2020-11738 Scanner

Details
Asset Type: DOMAIN,IP,URL

Need Membership: Yes

Asset Verify: Yes

API Support: Yes

Estimate Time (Second): 30

Online WordPress Duplicator plugin Directory Traversal Vulnerability CVE-2020-11738 Scanner Detail

If you use the WordPress Duplicator plugin, check whether your system is affected by this vulnerability.

Vulnerability

On February 12, Snap Creek, makers of the popular WordPress plugin Duplicator, released version 1.3.28 and Duplicator Pro version 3.8.7.1 to address a serious vulnerability.

According to researchers at Wordfence, an unauthenticated arbitrary file download vulnerability exists in Duplicator versions 1.3.26 and Duplicator Pro versions 3.8.7.

Some Advice for Common Problems

Snap Creek addressed this vulnerability in Duplicator version 1.3.28 and Duplicator Pro version 3.8.7.1 on February 12. Duplicator and Duplicator Pro users are strongly encouraged to upgrade to versions 1.3.28 and 3.8.7.1 or greater as soon as possible.

Additionally, review HTTP logs for requests that include the following query strings:

  1. action=duplicator_download
  2. file=/../wp-config.php

The most reliable indicator is whether the request contains the file parameter, as that is required to exploit this vulnerability.
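
The log review described above can be automated. The following is an added example, not part of the original page or of any vendor tooling: it scans access-log lines for the two query strings listed, and also catches percent-encoded traversal sequences, which goes beyond the literal strings on the page. The log lines, IP addresses and request path in SAMPLE_LOG are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line inside a common/combined access-log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2020:10:00:00 +0000] "GET /wp-admin/admin-ajax.php?action=duplicator_download&file=/../wp-config.php HTTP/1.1" 200 3120',
    '192.0.2.11 - - [01/Jan/2020:10:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=duplicator_download&file=%252e%252e%252fwp-config.php HTTP/1.1" 200 3120',
    '198.51.100.7 - - [01/Jan/2020:10:01:00 +0000] "GET /wp-admin/admin-ajax.php?action=duplicator_download&file=backup_archive.zip HTTP/1.1" 200 90211',
    '198.51.100.8 - - [01/Jan/2020:10:02:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %252e%252e) so '..' becomes visible."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return None, 'file-param' or 'traversal' for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if "duplicator_download" not in params.get("action", []):
        return None
    files = [fully_decode(f) for f in params.get("file", [])]
    if not files:
        return None  # no file parameter: the indicator named above is absent
    if any(".." in f.replace("\\", "/").split("/") for f in files):
        return "traversal"  # a path segment is exactly '..'
    return "file-param"     # file parameter present, needs manual review

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    return [(n, v) for n, line in enumerate(lines, 1) if (v := classify(line))]

if __name__ == "__main__":
    for lineno, verdict in scan(SAMPLE_LOG):
        print(f"line {lineno}: {verdict}")
```

Access logs normally record only the request line, so parameters sent in a request body will not appear in this scan.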
