CVE-2022-2552: Duplicator < 1.4.7.1 - Unauthenticated System Information Disclosure
First published: Mon Aug 22 2022(Updated: )
The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Snapcreek Duplicator | <1.4.7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-2552?
CVE-2022-2552 is a vulnerability in the Duplicator WordPress plugin before version 1.4.7.1 that allows unauthorized visitors to view sensitive system information.
How severe is CVE-2022-2552?
CVE-2022-2552 has a severity score of 5.3, which is considered medium.
How does CVE-2022-2552 affect the Duplicator WordPress plugin?
CVE-2022-2552 affects the Duplicator WordPress plugin before version 1.4.7.1, allowing unauthorized visitors to view system information.
Is there a fix for CVE-2022-2552?
Yes, upgrading the Duplicator WordPress plugin to version 1.4.7.1 or later resolves the CVE-2022-2552 vulnerability.
What can unauthorized visitors see due to CVE-2022-2552?
Unauthorized visitors can see sensitive system information such as server software, PHP version, and the full file system path to the site.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/snapcreek
- canonical/snapcreek duplicator