Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2
Critical0
High1
Medium1
Reset
Showing 1-2 of 2 records
Threat Entry Updated 2026-04-15

CVE-2026-1104 - FastDup – Fastest WordPress Migration & Duplicator Plugin

The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to create and download full-site backup archives containing the entire WordPress installation, including database exports and configuration files.

PLUGIN FastDup – Fastest WordPress Migration & Duplicator

CVE-2026-1104

HIGH CVSS 8.8 2026-02-12
Open Full Technical Breakdown
Threat Entry Updated 2026-04-15

CVE-2026-0604 - FastDup – Fastest WordPress Migration & Duplicator Plugin

The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.7 via the 'dir_path' parameter in the 'njt-fastdup/v1/template/directory-tree' REST API endpoint. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary directories on the server, which can contain sensitive information.

PLUGIN FastDup – Fastest WordPress Migration & Duplicator

CVE-2026-0604

MEDIUM CVSS 6.5 2026-01-06
Open Full Technical Breakdown
Scroll to top