WordPress Duplicator 1.3.26 Directory Traversal / File Read

Posted on 19 December 2020

This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress Duplicator plugin versions 1.3.24 through 1.3.26, allowing arbitrary file read with the web server privileges. This vulnerability was being actively exploited when it was discovered.