WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Duplicator – WordPress Migration & Backup Plugin

2022-08-01
Duplicator < 1.4.7 - Unauthenticated Backup Download
Fixed in version 1.4.7
2022-08-01
Duplicator < 1.4.7.1 - Unauthenticated System Information Disclosure
Fixed in version 1.4.7.1
2020-02-19
Duplicator 1.3.24 & 1.3.26 - Unauthenticated Arbitrary File Download
Fixed in version 1.3.28
2018-09-05
Duplicator <= 1.2.40 - Unauthenticated Arbitrary Code Execution
Fixed in version 1.2.42
2018-03-15
Duplicator <= 1.2.32 - Cross-Site Scripting (XSS)
Fixed in version 1.2.33
2017-11-07
Duplicator <= 1.2.28 – Unauthenticated Stored Cross-Site Scripting (XSS)
Fixed in version 1.2.29
2016-02-10
Duplicator <= 1.1.3 - Cross-Site Request Forgery (CSRF)
Fixed in version 1.1.4
2015-08-15
Duplicator <= 0.5.26 - Authenticated Cross-Site Scripting (XSS)
Fixed in version 0.5.28
2015-04-10
Duplicator <= 0.5.14 - SQL Injection & CSRF
Fixed in version 0.5.16
2015-02-19
Duplicator 0.5.8 - Privilege Escalation
Fixed in version 0.5.10
2014-08-01
Duplicator - installer.cleanup.php package Parameter XSS
Fixed in version 0.4.5