Description
WordPress Plugin Duplicator-WordPress Migration is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently verify user-supplied input. This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin Duplicator-WordPress Migration version 1.3.26 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.28 or latest
References
Related Vulnerabilities
OpenSSL Out-of-bounds Read Vulnerability (CVE-2016-2180)
YetiForce CRM Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-0269)
Ruby on Rails Deserialization of Untrusted Data Vulnerability (CVE-2020-8165)
WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Arbitrary File Upload (0.1.0.38)
WordPress Plugin SEO-Dashboard by gutewebsites.de Cross-Site Scripting (1.2.5)