CVE-2022-2552

MEDIUM NUCLEI

Duplicator < 1.4.7.1 - Information Disclosure

Title source: nuclei

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-2552. PoCs published by SecuriTrust. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit demonstrates an information disclosure vulnerability in WordPress Plugin Duplicator <= 1.4.7. By accessing a specific endpoint, an attacker can retrieve system information without authentication.

Description

The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system, such as the server software, PHP version and full file system path to the site.

Exploits (1)

exploitdb WORKING POC VERIFIED
by SecuriTrust · text · webapps · php
https://www.exploit-db.com/exploits/50993

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin Duplicator <= 1.4.7
No auth needed
Prerequisites: Access to the target WordPress site with the vulnerable plugin installed
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Duplicator < 1.4.7.1 - Information Disclosure
MEDIUM · VERIFIED · by iamnoooob, ritikchaddha
FOFA: body="/wp-content/plugins/duplicator"

References (2)

Core References
Exploit, Third Party Advisory · exploit · vdb-entry · technical-description
https://wpscan.com/vulnerability/6b540712-fda5-4be6-ae4b-bd30a9d9d698

Scores

CVSS v3: 5.3
EPSS: 0.0811
EPSS Percentile: 94.1%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE: CWE-306, CWE-862
Status: published
Products (1): awesomemotive/duplicator < 1.4.7.1
Published: Aug 22, 2022
Tracked Since: Feb 18, 2026