CVE-2018-25095

Published: Jan 8, 2024Modified: Feb 2, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server.

Affected (1)

Products: Awesomemotive: Duplicator

Awesomemotive

1 product

Duplicator

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Awesomemotive Duplicator	Before 1.3.0

References (2)

https://wpscan.com/vulnerability/16cc47aa-cb31-4114-b014-7ac5fbc1d3ee

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/16cc47aa-cb31-4114-b014-7ac5fbc1d3ee

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.