Description
WordPress Plugin Duplicator-WordPress Migration is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently create and download backup files. WordPress Plugin Duplicator-WordPress Migration version 0.5.8 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 0.5.10 or the latest version.
References
http://security.szurek.pl/duplicator-058-privilege-escalation.html
https://www.exploit-db.com/exploits/36112/
http://packetstormsecurity.com/files/130439/WordPress-Duplicator-0.5.8-Privilege-Escalation.html