Stored Cross-Site Scripting (XSS) vulnerability found by Ricardo Sanchez in WordPress Duplicator plugin (versions <=1.2.28). The plugin is vulnerable due to incorrectly filtered values “url_new” and “logging”.
Update the WordPress Duplicator plugin to the latest available version (at least version 1.2.30).