exploitDog

CVE-2022-2551

Опубликовано: 22 авг. 2022

Источник: nvd

CVSS3: 7.5

EPSS Средний

Описание

The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.

Ссылки

https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2551
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0
Exploit
Third Party Advisory
https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2551
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:awesomemotive:duplicator:*:*:*:*:lite:wordpress:*:*

Версия до 1.4.7 (исключая)

EPSS

Процентиль: 98%

0.52012

Средний

7.5 High

CVSS3

Дефекты

CWE-425

Связанные уязвимости

GHSA-7phj-wp5x-xwr5

CVSS3: 7.5

github

больше 3 лет назад

The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.

EPSS

Процентиль: 98%

0.52012

Средний

7.5 High

CVSS3

Дефекты

CWE-425