Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure
CVE-2023-6114

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Duplicator; Duplicator Pro
Vendor: CVE Published:; 26 December 2023

What is CVE-2023-6114?

The Duplicator WordPress plugin and its Pro version contain a significant vulnerability that permits unauthorized access to sensitive data stored in temporary backup directories. When the web server's directory listing feature is enabled, unauthenticated attackers can list the contents of the backups-dup-lite/tmp and backups-dup-pro/tmp directories. This exposure can lead to the discovery of critical files such as a complete database dump and site archives, raising serious concerns about data confidentiality and overall website security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Duplicator 0 < 1.5.7.1

Duplicator Pro 0 < 4.5.14.2

References

https://wpscan.com/vulnerability/5c5d41b9-1463-4a9b-862f-...

exploitvdb-entrytechnical-description

https://drive.google.com/file/d/1mpapFCqfZLv__EAM7uivrrl2...

EPSS Score

61% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 26, 2023
Vulnerability Reserved
Nov 13, 2023

Credit

Dmitrii Ignatyev

WPScan

JSON

Wordpress

What is CVE-2023-6114?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.