CVE-2022-2551

The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2551	Exploit Third Party Advisory
https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0	Exploit Third Party Advisory
https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2551	Exploit Third Party Advisory
https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:snapcreek:duplicator:*:*:*:*:lite:wordpress:*:*

History

21 Nov 2024, 07:01

Type	Values Removed	Values Added
References	~~() https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2551 - Exploit, Third Party Advisory~~	() https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2551 - Exploit, Third Party Advisory
References	~~() https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0 - Exploit, Third Party Advisory~~	() https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0 - Exploit, Third Party Advisory

Information

Published : 2022-08-22 15:15

Updated : 2024-11-21 07:01

NVD link : CVE-2022-2551

Mitre link : CVE-2022-2551

CVE.ORG link : CVE-2022-2551

JSON object : View

Products Affected

snapcreek

duplicator

CWE

CWE-425

Direct Request ('Forced Browsing')

{"id": "CVE-2022-2551", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-08-22T15:15:15.317", "references": [{"url": "https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2551", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2551", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-425"}]}], "descriptions": [{"lang": "en", "value": "The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating."}, {"lang": "es", "value": "El plugin Duplicator de WordPress versiones anteriores a 1.4.7, divulga la url de la copia de seguridad a visitantes no autenticados que acceden al endpoint del instalador principal del plugin, si el script del instalador ha sido ejecutado una vez por un administrador, permitiendo la descarga de la copia de seguridad completa del sitio sin autenticarse."}], "lastModified": "2024-11-21T07:01:14.103", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:snapcreek:duplicator:*:*:*:*:lite:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "FC2929DA-2B8E-4C4D-AB47-6BF4F8E20008", "versionEndExcluding": "1.4.7"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}