The host is installed with Snap Creek Duplicator plugin for WordPress before 1.3.28 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to properly handle ../ in the file parameter to duplicator_download or duplicator_init. Successful exploitation allows Directory Traversal.