CVE-2022-2552

high-risk
Published 2022-08-22

The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.

Do I need to act?

!
51.1% chance of exploitation in next 30 days
EPSS score — higher than 49% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
50993
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Awesomemotive

References (4)

Exploit https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2552
Exploit https://wpscan.com/vulnerability/6b540712-fda5-4be6-ae4b-bd30a9d9d698
Exploit https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2552
Exploit https://wpscan.com/vulnerability/6b540712-fda5-4be6-ae4b-bd30a9d9d698
51
/ 100
high-risk
Severity 21/34 · High
Exploitability 25/34 · High
Exposure 5/34 · Minimal