CVE-2020-11738

Known Exploited (CISA KEV)HIGH

7.5

CVSS Severity Score

EPSS Score42.0810%

EPSS Percentile85.18th

Published2020年4月13日

Last Modified2026年2月2日

Vulnerability Description

The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.

Affected Platforms (CPE)

📦

Awesomemotive

Duplicator

< 1.3.28

📦

Awesomemotive

Duplicator

< 3.8.7.1

References & Advisories

🔗 http://packetstormsecurity.com/files/160621/WordPress-Duplicator-1.3.26-Directory-Traversal-File-Read.html

🔗 http://packetstormsecurity.com/files/164533/WordPress-Duplicator-1.3.26-Arbitrary-File-Read.html

🔗 https://cwe.mitre.org/data/definitions/23.html

🔗 https://snapcreek.com/duplicator/docs/changelog/?lite

🔗 https://www.wordfence.com/blog/2020/02/active-attack-on-recently-patched-duplicator-plugin-vulnerability-affects-over-1-million-sites/

🔗 http://packetstormsecurity.com/files/160621/WordPress-Duplicator-1.3.26-Directory-Traversal-File-Read.html

🔗 http://packetstormsecurity.com/files/164533/WordPress-Duplicator-1.3.26-Arbitrary-File-Read.html

🔗 https://cwe.mitre.org/data/definitions/23.html

Vulnerability Description

Affected Platforms (CPE)

Duplicator

Duplicator

References & Advisories

相關漏洞威脅