9.6

CVE-2026-52703

Medienbericht

WordPress FastDup plugin <= 2.7.2 - Path Traversal vulnerability

FastDup – Fastest WordPress Migration & Duplicator <= 2.7.2 - Unauthenticated Path Traversal

Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
Mögliche Gegenmaßnahme
FastDup – Fastest WordPress Migration & Duplicator: Update to version 2.7.3, or a newer patched version
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerNinja Team
Produkt FastDup
Default Statusunaffected
Version <= 2.7.2
Version n/a
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt FastDup – Fastest WordPress Migration & Duplicator
Version *-2.7.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.44% 0.35
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
audit@patchstack.com 9.6 2.8 6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE-35 Path Traversal: '.../...//'

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
22.06.2026 16:38
https://patchstack.com/database/wordpress/plugin/fastdup/vulnerability/wordpress-fastdup-plugin-2-7-2-path-traversal-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/483dad33-bde9-4008-b79c-6a66d3514652
Third Party Advisory