CVE-2020-11738 — WordPress Snap Creek Duplicator Plugin File Download Vulnerability
2021-11-03 • CISA Known Exploited Vulnerability
[event] WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the generated files from their Wordpress dashboard. This vulnerability affects Duplicator and Dulplicator Pro.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | WordPress |
| Product | Snap Creek Duplicator Plugin |
| CWE | CWE-22 |
| CVE ID | CVE-2020-11738 |
| Date Added | 2021-11-03 |
| Due Date | 2022-05-03 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-05-03