WordPress · Duplicator · CVE-2018-25095
**Name of the Vulnerable Software and Affected Versions**
Duplicator WordPress plugin versions prior to 1.3.0
**Description**
The issue arises from the Duplicator WordPress plugin's installer script not properly escaping values when replacing them in WordPress configuration files. This could allow arbitrary code execution on the server if the installer script is left on the site after use.
**Recommendations**
For versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. As a temporary workaround, consider removing the installer script from the site after use to prevent potential exploitation.