CVE-2022-2551

HIGH EXPLOITED NUCLEI

Duplicator <1.4.7 - Info Disclosure

Title source: llm

Exploitation Summary

CVE-2022-2551 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including SecuriTrust. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit demonstrates an unauthenticated backup download vulnerability in WordPress Plugin Duplicator versions prior to 1.4.7. The PoC shows how an attacker can download backup files by accessing a specific URL with the 'is_daws' parameter.

Description

The Duplicator WordPress plugin before 1.4.7 discloses the URL of a backup to unauthenticated visitors who access the plugin's main installer endpoint, if the installer script has been run once by an administrator. This allows download of the full site backup without authentication.

Exploits (1)

exploitdb WORKING POC
by SecuriTrust · text · webapps · php
https://www.exploit-db.com/exploits/50992

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin Duplicator < 1.4.7
No auth needed
Prerequisites: Access to the target WordPress site with the vulnerable plugin installed
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

WordPress Duplicator <1.4.7 - Authentication Bypass
HIGH · VERIFIED · by LRTK-CODER

References (2)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0

Scores

CVSS v3 7.5
EPSS 0.1180
EPSS Percentile 95.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2023-02-01
CWE CWE-425
Status published
Products (1)
awesomemotive/duplicator < 1.4.7
Published Aug 22, 2022
Tracked Since Feb 18, 2026