What is CVE-2022-2552?

CVE-2022-2552 is a vulnerability in Duplicator, classified under CWE-862 MISSING AUTHORIZATION. Published 2022-08-22.

Is CVE-2022-2552 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Duplicator

CVE-2022-2552

The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.

EPSS: 0.511 (97.9th percentile) — read the EPSS interpretation.

Affected products

Unknown Duplicator — versions 0

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon

References

wpscan.com/vulnerability/6b540712-fda5-4be6-ae4b-bd30a9d9d698 (exploit, vdb-entry, technical-description)
github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2552

Frequently asked questions

What is CVE-2022-2552?: CVE-2022-2552 is a vulnerability in Duplicator, classified under CWE-862 MISSING AUTHORIZATION. Published 2022-08-22.
Is CVE-2022-2552 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.