CVE-2022-2552

The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.
Configurations

Configuration 1 (hide)

cpe:2.3:a:snapcreek:duplicator:*:*:*:*:lite:wordpress:*:*

History

21 Nov 2024, 07:01

Type Values Removed Values Added
References () https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2552 - Exploit, Third Party Advisory () https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2552 - Exploit, Third Party Advisory
References () https://wpscan.com/vulnerability/6b540712-fda5-4be6-ae4b-bd30a9d9d698 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/6b540712-fda5-4be6-ae4b-bd30a9d9d698 - Exploit, Third Party Advisory

Information

Published : 2022-08-22 15:15

Updated : 2024-11-21 07:01


NVD link : CVE-2022-2552

Mitre link : CVE-2022-2552

CVE.ORG link : CVE-2022-2552


JSON object : View

Products Affected

snapcreek

  • duplicator
CWE
CWE-306

Missing Authentication for Critical Function

CWE-862

Missing Authorization