Input validation vulnerability in Duplicator – WordPress Migration & Backup Plugin 1.5.7

The Duplicator plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to and including 1.5.7. The vulnerability is due to insufficient security measures in the views/tools/diagnostics/information.php file, which makes it possible for unauthenticated attackers to remove some of the plugin's settings. Such an attack can succeed if the site administrator is tricked into performing an action such as clicking on a malicious link.

Detected in:

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

The version comparison shows which versions are affected by a vulnerability. For example, ">= 2.2.8 <= 2.2.21" means:

">" means from 2.2.8
"=" means including 2.2.8 and 2.2.21
"<" means to 2.2.21
