ACTIVELY EXPLOITED3 sources verified·1 min read
By Lyrie Threat Intelligence·11/3/2021
CVE-2020-11738 added to CISA KEV: WordPress Snap Creek Duplicator Plugin
Status: ✅ Confirmed exploited in the wild
Date added: 2021-11-03
Required action: Apply updates per vendor instructions.
Due date: 2022-05-03
Why this matters
WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the generated files from their Wordpress dashboard. This vulnerability affects Duplicator and Dulplicator Pro.
Sources
Lyrie Verdict
Lyrie's autonomous detection layer catches active exploitation primitives at machine speed — closing the gap between disclosure and weaponization that traditional defense simply can't cover.