This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress Duplicator plugin versions 1.3.24 through 1.3.26, allowing arbitrary file read with the web server privileges. This vulnerability was being actively exploited when it was discovered.
4ea50cf867ab79c361dd72e12949f0f0d61e20bd60dd59c1e49252679fd3c7a8