CVE-2022-2551 Vulnerability Details

  /     /     /  

CVE-2022-2551 Metadata Quick Info

CVE Published: 22/08/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: WPScan | Vendor: Unknown | Product: Duplicator – WordPress Migration Plugin
Status : PUBLISHED

---

CVE-2022-2551 Description

The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-425
CWE Name: CWE-425 Direct Request ( Forced Browsing )
Source: Unknown

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).