CVE-2022-2552

Published: Aug 22, 2022Modified: Feb 2, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.

Affected (1)

Products: Awesomemotive: Duplicator

Awesomemotive

1 product

Duplicator

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Awesomemotive Duplicator	Before 1.4.7.1

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2552

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/6b540712-fda5-4be6-ae4b-bd30a9d9d698

Source: contact@wpscan.com

ExploitThird Party Advisory

https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2552

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://wpscan.com/vulnerability/6b540712-fda5-4be6-ae4b-bd30a9d9d698

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.