Search criteria
2 vulnerabilities found for Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More by smub
CVE-2024-6210 (GCVE-0-2024-6210)
Vulnerability from nvd – Published: 2024-07-11 02:03 – Updated: 2026-04-08 17:25
VLAI
Title
Duplicator <= 1.5.9 - Full Path Disclosure
Summary
The Duplicator plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| smub | Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More |
Affected:
0 , ≤ 1.5.9
(semver)
|
|
| snapcreek | duplicator |
Affected:
0 , ≤ 1.5.9
(semver)
cpe:2.3:a:snapcreek:duplicator:*:*:*:*:*:wordpress:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:snapcreek:duplicator:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "duplicator",
"vendor": "snapcreek",
"versions": [
{
"lessThanOrEqual": "1.5.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6210",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T14:06:40.562064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T19:20:15.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:04.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d47d582d-7c90-4f49-aee1-03a8775b850d?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/duplicator/trunk/installer/dup-installer/main.installer.php#L51"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3108563/duplicator/trunk/installer/dup-installer/main.installer.php?old=3073248\u0026old_path=duplicator%2Ftrunk%2Finstaller%2Fdup-installer%2Fmain.installer.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Duplicator \u2013 Backups \u0026 Migration Plugin \u2013 Cloud Backups, Scheduled Backups, \u0026 More",
"vendor": "smub",
"versions": [
{
"lessThanOrEqual": "1.5.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Duplicator plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:25:49.404Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d47d582d-7c90-4f49-aee1-03a8775b850d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/duplicator/trunk/installer/dup-installer/main.installer.php#L51"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3108563/duplicator/trunk/installer/dup-installer/main.installer.php?old=3073248\u0026old_path=duplicator%2Ftrunk%2Finstaller%2Fdup-installer%2Fmain.installer.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-10T13:42:05.000Z",
"value": "Disclosed"
}
],
"title": "Duplicator \u003c= 1.5.9 - Full Path Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-6210",
"datePublished": "2024-07-11T02:03:48.713Z",
"dateReserved": "2024-06-20T16:46:45.811Z",
"dateUpdated": "2026-04-08T17:25:49.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-6210 (GCVE-0-2024-6210)
Vulnerability from cvelistv5 – Published: 2024-07-11 02:03 – Updated: 2026-04-08 17:25
VLAI
Title
Duplicator <= 1.5.9 - Full Path Disclosure
Summary
The Duplicator plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| smub | Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More |
Affected:
0 , ≤ 1.5.9
(semver)
|
|
| snapcreek | duplicator |
Affected:
0 , ≤ 1.5.9
(semver)
cpe:2.3:a:snapcreek:duplicator:*:*:*:*:*:wordpress:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:snapcreek:duplicator:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "duplicator",
"vendor": "snapcreek",
"versions": [
{
"lessThanOrEqual": "1.5.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6210",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T14:06:40.562064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T19:20:15.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:04.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d47d582d-7c90-4f49-aee1-03a8775b850d?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/duplicator/trunk/installer/dup-installer/main.installer.php#L51"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3108563/duplicator/trunk/installer/dup-installer/main.installer.php?old=3073248\u0026old_path=duplicator%2Ftrunk%2Finstaller%2Fdup-installer%2Fmain.installer.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Duplicator \u2013 Backups \u0026 Migration Plugin \u2013 Cloud Backups, Scheduled Backups, \u0026 More",
"vendor": "smub",
"versions": [
{
"lessThanOrEqual": "1.5.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Duplicator plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:25:49.404Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d47d582d-7c90-4f49-aee1-03a8775b850d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/duplicator/trunk/installer/dup-installer/main.installer.php#L51"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3108563/duplicator/trunk/installer/dup-installer/main.installer.php?old=3073248\u0026old_path=duplicator%2Ftrunk%2Finstaller%2Fdup-installer%2Fmain.installer.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-10T13:42:05.000Z",
"value": "Disclosed"
}
],
"title": "Duplicator \u003c= 1.5.9 - Full Path Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-6210",
"datePublished": "2024-07-11T02:03:48.713Z",
"dateReserved": "2024-06-20T16:46:45.811Z",
"dateUpdated": "2026-04-08T17:25:49.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}