9.6
CVE-2026-52703
- EPSS 0.44%
- Veröffentlicht 15.06.2026 20:19:35
- Zuletzt bearbeitet 15.06.2026 21:24:32
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
WordPress FastDup plugin <= 2.7.2 - Path Traversal vulnerability
FastDup – Fastest WordPress Migration & Duplicator <= 2.7.2 - Unauthenticated Path Traversal
Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
Mögliche Gegenmaßnahme
FastDup – Fastest WordPress Migration & Duplicator: Update to version 2.7.3, or a newer patched version
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerNinja Team
≫
Produkt
FastDup
Default Statusunaffected
Version <=
2.7.2
Version
n/a
Status
affected
VulnDex Vulnerability Enrichment
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
FastDup – Fastest WordPress Migration & Duplicator
Version
*-2.7.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.35 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| audit@patchstack.com | 9.6 | 2.8 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
|
CWE-35 Path Traversal: '.../...//'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://patchstack.com/database/wordpress/plugin/fastdup/vulnerability/wordpress-fastdup-plugin-2-7-2-path-traversal-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/483dad33-bde9-4008-b79c-6a66d3514652