CVE-2026-0604

Name of the Vulnerable Software and Affected Versions FastDup – Fastest WordPress Migration & Duplicator plugin versions prior to 2.7

Description The FastDup plugin for WordPress has a path traversal issue affecting versions up to 2.7. Authenticated attackers with Contributor-level access or higher can read the contents of arbitrary directories on the server. This is possible through the dir path parameter in the ''/njt-fastdup/v1/template/directory-tree'' API endpoint. Sensitive information contained in these directories may be exposed.

Recommendations Update the FastDup plugin to a version newer than 2.7.