Duplicator WordPress plugin version 0.4.4 is vulnerable to cross-site scripting (XSS) because user-supplied data in the "package" HTTP GET parameter passed to the "wp-content/plugins/duplicator/files/installer.cleanup.php" script is insufficiently filtered. The flaw can be exploited against a logged-in administrator to steal login cookies. Upgrade to Duplicator version 0.4.5 to be safe from this vulnerability.
Additional details are provided here: www.htbridge.com/advisory/HTB23162.
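For sites that ran the affected version, web server access logs can be checked for requests to this script with an unexpected "package" value. The following is an added example, not code from the plugin or the advisory; it assumes combined-format access logs and that a legitimate package value is a plain archive file name, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script path and parameter name are taken from the advisory text.
TARGET = "wp-content/plugins/duplicator/files/installer.cleanup.php"
PARAM = "package"
# Assumption: a legitimate package value is a plain archive file name.
SAFE_VALUE = re.compile(r"[A-Za-z0-9._-]{1,128}")
# Request portion of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[0-9.]+"')

def suspicious_requests(lines):
    """Return (line_no, decoded_value) for hits on the script whose
    'package' value falls outside the allowlist."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith(TARGET):
            continue
        # parse_qs percent-decodes values, so encoded markup is caught too.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not SAFE_VALUE.fullmatch(value):
                hits.append((no, value))
    return hits

# Constructed sample log lines (not from a real server).
SAMPLE = [
    '203.0.113.5 - - [01/Jan/2014:10:00:00 +0000] "GET /wp-content/plugins/'
    'duplicator/files/installer.cleanup.php?package=site_backup.zip HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2014:10:01:00 +0000] "GET /wp-content/plugins/'
    'duplicator/files/installer.cleanup.php?package=%3Cb%3Emarkup%3C%2Fb%3E HTTP/1.1" 200 530',
    '203.0.113.9 - - [01/Jan/2014:10:02:00 +0000] "GET /index.php?package=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for no, value in suspicious_requests(SAMPLE):
        print(f"line {no}: unexpected package value {value!r}")
```

A hit means the request deserves review, not that it succeeded; whether the value was reflected depends on the plugin version installed at the time.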