Vulnerability in Duplicator – WordPress Migration Plugin

CVE-2022-2551

The Duplicator WordPress plugin before 1.4.7 discloses the URL of the backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing downloa…

EPSS: 0.597 (98.3th percentile)

Affected products

  • Unknown Duplicator – WordPress Migration Plugin — versions before 1.4.7

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2022-2551?
CVE-2022-2551 is a vulnerability in Duplicator – WordPress Migration Plugin, classified under Direct Request (Forced Browsing). Published 2022-08-22.
Is CVE-2022-2551 known to be exploited?
4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.