CVE-2022-2552

The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2552	Exploit Third Party Advisory
https://wpscan.com/vulnerability/6b540712-fda5-4be6-ae4b-bd30a9d9d698	Exploit Third Party Advisory
https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2552	Exploit Third Party Advisory
https://wpscan.com/vulnerability/6b540712-fda5-4be6-ae4b-bd30a9d9d698	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:snapcreek:duplicator:*:*:*:*:lite:wordpress:*:*

History

No history.

Information

Published : 2022-08-22 15:15

Updated : 2024-11-21 07:01

NVD link : CVE-2022-2552

Mitre link : CVE-2022-2552

CVE.ORG link : CVE-2022-2552

JSON object : View

Products Affected

snapcreek

duplicator

CWE

CWE-306

Missing Authentication for Critical Function

CWE-862

Missing Authorization

{"id": "CVE-2022-2552", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-08-22T15:15:15.373", "references": [{"url": "https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2552", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/6b540712-fda5-4be6-ae4b-bd30a9d9d698", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2552", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wpscan.com/vulnerability/6b540712-fda5-4be6-ae4b-bd30a9d9d698", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}, {"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site."}, {"lang": "es", "value": "El plugin Duplicator de WordPress versiones anteriores a 1.4.7.1, no autentica ni autoriza a visitantes antes de mostrar informaci\u00f3n sobre el sistema, como el software del servidor, la versi\u00f3n de php y la ruta completa del sistema de archivos del sitio."}], "lastModified": "2024-11-21T07:01:14.217", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:snapcreek:duplicator:*:*:*:*:lite:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "1BCDC591-A646-460B-A525-51E0B25ACC07", "versionEndExcluding": "1.4.7.1"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}