Lucene search
WPScanCVELIST:CVE-2022-2551HistoryAug 22, 2022 - 3:03 p.m.
CVE-2022-2551 Duplicator < 1.4.7 - Unauthenticated Backup Download
2022-08-2215:03:52
CWE-425
WPScan
www.cve.org
0.664 Medium
EPSS
Percentile
98.0%
The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.
CNA Affected
[
{
"product": "Duplicator – WordPress Migration Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.4.7",
"status": "affected",
"version": "1.4.7",
"versionType": "custom"
}
]
}
]Related
nuclei
nuclei
WordPress Duplicator <1.4.7 - Authentication Bypass
2022-09-03 19:19:55
prion
prion
Design/Logic Flaw
2022-08-22 15:15:00
wpvulndb
wpvulndb
Duplicator < 1.4.7 - Unauthenticated Backup Download
2022-08-01 00:00:00
openvas
openvas
WordPress Duplicator Plugin < 1.4.7 Information Disclosure Vulnerability
2022-08-23 00:00:00
zdt
zdt
nvd
nvd
CVE-2022-2551
2022-08-22 15:15:15
cve
cve
CVE-2022-2551
2022-08-22 15:15:15
packetstorm
packetstorm
WordPress Duplicator 1.4.6 Backup Disclosure
2022-08-01 00:00:00
patchstack
patchstack
wpexploit
wpexploit
Duplicator < 1.4.7 - Unauthenticated Backup Download
2022-08-01 00:00:00
exploitdb
exploitdb
WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download
2022-08-01 00:00:00