Description

WordPress plugin Duplicator (versions <= 1.3.26) is vulnerable to an Unauthenticated Arbitrary File Download vulnerability that allows attackers to download arbitrary files from the WordPress installation. For example, an attacker can download the WordPress configuration file wp-config.php that contains WordPress database credentials and authentication unique keys and salts.

Remediation

Upgrade to the latest version of WordPress Duplicator plugin. This isses was fixed in version 1.3.26.

References

Active Attack on Recently Patched Duplicator Plugin Vulnerability Affects Over 1 Million Sites

Related Vulnerabilities

WordPress Ultimate Member Plugin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-3361)

WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Directory Traversal (6.45)

Payara Micro File Read (CVE-2021-41381)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.15)

NodeBB Arbitrary JSON File Read (CVE-2021-43788)

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal