WordPress Duplicator plugin version 1.3.26 suffers from an unauthenticated arbitrary file read vulnerability.
1383137efd7098a45bbbd9bc17c62eb574f42061cee8906bc359dc7a056a140a
This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress Duplicator plugin versions 1.3.24 through 1.3.26, allowing arbitrary file read with the web server privileges. This vulnerability was being actively exploited when it was discovered.
4ea50cf867ab79c361dd72e12949f0f0d61e20bd60dd59c1e49252679fd3c7a8