CVE-2022-2552

MEDIUM NUCLEI

Duplicator < 1.4.7.1 - Information Disclosure

Title source: nuclei

Description

The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SecuriTrust · textwebappsphp

https://www.exploit-db.com/exploits/50993

View Code ZIP pw:eip

Nuclei Templates (1)

Duplicator < 1.4.7.1 - Information Disclosure

MEDIUMVERIFIEDby iamnoooob,ritikchaddha

FOFA: body="/wp-content/plugins/duplicator"

References (2)

[Exploit, Third Party Advisory] https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2552

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/6b540712-fda5-4be6-ae4b-bd30a9d9d698

Scores

CVSS v3 5.3

EPSS 0.5111

EPSS Percentile 97.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-862 CWE-306

Status published

Products (1)

awesomemotive/duplicator < 1.4.7.1

Published Aug 22, 2022

Tracked Since Feb 18, 2026