5 matches found
CVE-2022-2551
The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating...
CVE-2022-2551 Duplicator < 1.4.7 - Unauthenticated Backup Download
The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating...
CVE-2022-2551
CVE-2022-2551 affects WordPress Duplicator plugin versions prior to 1.4.7. The vulnerability is an authentication bypass that causes the plugin to disclose the backup URL to unauthenticated users who access the main installer endpoint, enabling download of the full site backup without authenticat...
WordPress Duplicator 1.4.6 Backup Disclosure
Exploit Title: WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download Google Dork: N/A Date: 07.27.2022 Exploit Author: SecuriTrust Vendor Homepage: https://snapcreek.com/ Software Link: https://wordpress.org/plugins/duplicator/ Version: 1.4.7 Tested on: Linux, Windows CVE :...
WordPress Duplicator 1.4.6 Plugin - Unauthenticated Backup Download Vulnerability
Exploit Title: WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download Exploit Author: SecuriTrust Vendor Homepage: https://snapcreek.com/ Software Link: https://wordpress.org/plugins/duplicator/ Version: 1.4.7 Tested on: Linux, Windows CVE : CVE-2022-2551 Reference:...