WordPress Plugin Vulnerabilities

Duplicator 0.5.8 - Privilege Escalation

Description

The Duplicator – WordPress Migration Plugin WordPress plugin was affected by a Privilege Escalation security vulnerability.

Affects Plugins

Plugin icon
duplicator
Fixed in 0.5.10

References

CVE
CVE-2014-9262
URL
https://packetstormsecurity.com/files/#130439/
URL
https://security.szurek.pl/duplicator-058-privilege-escalation.html

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
8.2 (high)

Miscellaneous

Submitter
Kacper Szurek
Submitter website
http://security.szurek.pl/
Submitter twitter
KacperSzurek
Verified
No
WPVDB ID
93d61693-04e2-45db-9d67-60f495c44640

Timeline

Publicly Published
2015-02-19 (about 11 years ago)
Added
2015-02-19 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2015-08-28
Title
Job Manager <= 0.7.25 - Insecure Direct Object Reference (IDOR)
Published
2026-03-02
Title
All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login < 2.2.6 - Authentication Bypass
Published
2022-04-21
Title
WPQA < 5.2 - Subscriber+ Arbitrary Profile Picture Deletion via IDOR
Published
2024-03-22
Title
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder < 1.15.23 - Sensitive Information Exposure
Published
2016-06-21
Title
Advanced Access Manager <= 3.2.1 - Privilege Escalation