WordPress Plugin Vulnerabilities

Duplicator <= 1.1.3 - Cross-Site Request Forgery (CSRF)

Description

The Duplicator – WordPress Migration Plugin WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
duplicator
Fixed in 1.1.4

References

URL
http://www.ratiosec.com/2016/duplicator-wordpress-plugin-source-database-disclosure-via-csrf/
URL
http://lifeinthegrid.com/support/knowledgebase.php?article=20
URL
https://www.securityfocus.com/archive/1/537506

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
3427b434-73c4-4fd6-bca0-681d9f28e988

Timeline

Publicly Published
2016-02-10 (about 10 years ago)
Added
2016-02-11 (about 10 years ago)
Last Updated
2019-10-31 (about 6 years ago)

Other

Published
Title
Published
2025-04-04
Title
Read More & Accordion < 3.4.8 - Local File Inclusion via CSRF
Published
2021-06-08
Title
Custom CSS, JS & PHP <= 2.0.7 - Arbitrary Settings Update via CSRF
Published
2024-03-13
Title
Automatic < 3.92.1 - Cross-Site Request Forgery to Privilege Escalation
Published
2019-02-28
Title
Smart Forms < 2.6.16 - Cross-Site Request Forgery (CSRF)
Published
2025-03-28
Title
The Visitor Counter <= 1.4.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting