CVE-2020-11738

CVSS 7.5 HIGH · EPSS 97.8% · KEV · CWE-22
In short

A vulnerability in the Duplicator WordPress plugin allows attackers to download files from anywhere on the server by manipulating file paths. This could expose sensitive files like database backups or configuration files containing passwords.

Technical detail

CWE-22 directory traversal in the Duplicator plugin (before 1.3.28) and Duplicator Pro (before 3.8.7.1), affecting the duplicator_download and duplicator_init actions. Unauthenticated attackers can bypass the path restriction with ../ sequences in the file parameter and read arbitrary files on the server. The impact is a confidentiality breach through unauthorized file access.

Summary generated and translated by AI from the official description.
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.
CVSS:3.0/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N
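The mitigation for this class of bug is to canonicalise the requested path and check that it stays inside the directory the download action is allowed to serve. The PHP below is an added example written for this page, not Duplicator's own code or its fix; the function name, the backup directory layout and the sample files are assumptions constructed for the demo.

```php
<?php
// Added example (not Duplicator's own code): a hardened resolver for a
// "file" download parameter. Names and the directory layout are assumptions.

/**
 * Resolve $requested relative to $baseDir and return the canonical path,
 * or null if it escapes $baseDir, does not exist, or is not a regular file.
 *
 * Weak pattern this replaces: readfile($baseDir . '/' . $_GET['file']);
 * which lets "../" segments climb out of the intended directory.
 */
function resolve_download_path(string $requested, string $baseDir): ?string
{
    // Reject NUL bytes: they can truncate the path in lower-level calls.
    if (strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "." and ".." and resolves symlinks, so the
    // containment check below is made on the real filesystem path.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Containment: canonical path must start with base + separator; the
    // separator stops "/srv/backups2" from matching base "/srv/backups".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed temporary layout for a self-contained run:
//   <tmp>/backups/site_archive.zip  (legitimate download)
//   <tmp>/outside.txt               (must stay unreachable)
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dup_demo_' . bin2hex(random_bytes(4));
mkdir($tmp . '/backups', 0700, true);
file_put_contents($tmp . '/backups/site_archive.zip', 'archive');
file_put_contents($tmp . '/outside.txt', 'secret');

var_dump(resolve_download_path('site_archive.zip', $tmp . '/backups')); // inside: path returned
var_dump(resolve_download_path('../outside.txt', $tmp . '/backups'));   // traversal: rejected

unlink($tmp . '/backups/site_archive.zip');
unlink($tmp . '/outside.txt');
rmdir($tmp . '/backups');
rmdir($tmp);
```

Pair the path check with an allow-list of the file types the action may serve and with the capability or nonce check the plugin's own action handler requires, since the record notes the affected actions were reachable without authentication.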
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
