WordPress Plugin Vulnerabilities

Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure

Description

The plugin does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.

Proof of Concept

Affects Plugins

Plugin icon
duplicator
Fixed in 1.5.7.1
Plugin icon
duplicator-pro
Fixed in 4.5.14.2

References

CVE
CVE-2023-6114
URL
https://research.cleantalk.org/cve-2023-6114-duplicator-poc-exploit

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Dmitrii Ignatyev
Submitter
Dmitrii Ignatyev
Submitter website
https://research.cleantalk.org
Verified
Yes
WPVDB ID
5c5d41b9-1463-4a9b-862f-e9ee600ef8e1

Timeline

Publicly Published
2023-12-04 (about 2 years ago)
Added
2023-12-04 (about 2 years ago)
Last Updated
2023-12-05 (about 2 years ago)

Other

Published
Title
Published
2023-10-09
Title
Image Regenerate & Select Crop < 7.3.1 - Sensitive Information Exposure
Published
2024-08-08
Title
Linkify Text <= 1.9.1 - Unauthenticated Full Path Disclosure
Published
2024-05-14
Title
Contact Form Widget < 1.4.0 - Sensitive Information Exposure
Published
2024-02-02
Title
LearnDash LMS < 4.10.3 - Sensitive Information Exposure via API
Published
2025-06-10
Title
WP-DownloadManager < 1.68.11 - Authenticated (Administrator+) Arbitrary File Read