PT-2020-6521 · WordPress · Duplicator Pro+1

Published

2020-02-19

Updated

2026-02-02

CVE-2020-11738

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Duplicator plugin versions prior to 1.3.28 Duplicator Pro versions prior to 3.8.7.1

Description The issue allows Directory Traversal via ../ in the file parameter to duplicator download or duplicator init API endpoints, such as "/wp-admin/admin-ajax.php?action=duplicator download&file=../../../../../../../../../etc/passwd". This can enable a remote attacker to disclose protected information.

Recommendations For Duplicator plugin versions prior to 1.3.28, update to version 1.3.28 or later. For Duplicator Pro versions prior to 3.8.7.1, update to version 3.8.7.1 or later. As a temporary workaround, consider restricting access to the duplicator download and duplicator init API endpoints until a patch is available. Avoid using the file parameter in the affected API endpoints until the issue is resolved.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

BDU:2021-05939

CVE-2020-11738

Affected Products

Duplicator

Duplicator Pro

PT-2020-6521 · WordPress · Duplicator Pro+1

CVE-2020-11738

Weakness Enumeration

Related Identifiers

Affected Products

References · 19