WordPress Duplicator plugin Unauthenticated Arbitrary File Download
Description
WordPress plugin Duplicator (versions <= 1.3.26) is vulnerable to an Unauthenticated Arbitrary File Download vulnerability that allows attackers to download arbitrary files from the WordPress installation. For example, an attacker can download the WordPress configuration file wp-config.php that contains WordPress database credentials and authentication unique keys and salts.
Remediation
Upgrade to the latest version of WordPress Duplicator plugin. This isses was fixed in version <strong>1.3.26</strong>.