QwikSec

Security Database

CVE

CWE

Training

CVE-2022-2551

Published: Aug 22, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.

Vendor	Product	Versions
Unknown	Duplicator – WordPress Migration Plugin	affected `1.4.7 - < 1.4.7`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0

x_refsource_MISC

https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2551

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.