CVE-2018-25095

Sažetak

The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server.

Reference

https://wpscan.com/vulnerability/16cc47aa-cb31-4114-b014-7ac5fbc1d3ee
https://wpscan.com/vulnerability/16cc47aa-cb31-4114-b014-7ac5fbc1d3ee

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

02-02-2026 - 15:06

Objavljeno

08-01-2024 - 19:15