2022-09-03 19:19:55 +00:00
id : CVE-2022-2551
info :
2023-04-07 16:16:58 +00:00
name : WordPress Duplicator <1.4.7 - Authentication Bypass
2022-09-26 17:19:56 +00:00
author : LRTK-CODER
2022-09-03 19:19:55 +00:00
severity : high
description : |
2023-04-07 16:16:58 +00:00
WordPress Duplicator plugin before 1.4.7 is susceptible to authentication bypass. The plugin discloses the URL of the backup to unauthenticated visitors accessing the main installer endpoint. If the installer script has been run once by an administrator, this allows download of the full site backup without proper authentication.
2023-09-06 11:59:08 +00:00
remediation : Fixed in version 1.4.7.1.
2022-09-03 19:19:55 +00:00
reference :
2022-09-26 17:19:56 +00:00
- https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0
- https://wordpress.org/plugins/duplicator/
2022-09-03 19:19:55 +00:00
- https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2551
2023-04-07 16:16:58 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2022-2551
2022-09-03 19:19:55 +00:00
classification :
2022-09-28 08:29:07 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score : 7.5
2022-09-03 19:19:55 +00:00
cve-id : CVE-2022-2551
2022-09-28 08:29:07 +00:00
cwe-id : CWE-425
2023-10-14 11:27:55 +00:00
epss-score : 0.79836
2023-10-27 16:34:45 +00:00
epss-percentile : 0.97939
2023-09-06 11:59:08 +00:00
cpe : cpe:2.3:a:snapcreek:duplicator:*:*:*:*:lite:wordpress:*:*
2022-09-26 17:25:43 +00:00
metadata :
2023-06-04 08:13:42 +00:00
verified : true
2023-09-06 11:59:08 +00:00
max-request : 2
2023-07-11 19:49:27 +00:00
vendor : snapcreek
product : duplicator
2023-09-06 11:59:08 +00:00
framework : wordpress
google-query : inurl:/backups-dup-lite/dup-installer/
2022-09-28 08:29:07 +00:00
tags : cve2022,wordpress,wp,wp-plugin,duplicator,wpscan,cve
2022-09-26 17:24:38 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-09-03 19:19:55 +00:00
- method : GET
path :
2022-09-26 17:19:56 +00:00
- "{{BaseURL}}/wp-content/backups-dup-lite/dup-installer/main.installer.php?is_daws=1"
- "{{BaseURL}}/wp-content/dup-installer/main.installer.php?is_daws=1"
2022-09-26 17:27:53 +00:00
2022-09-03 19:19:55 +00:00
matchers-condition : and
matchers :
2023-07-11 19:49:27 +00:00
- type : word
2022-09-03 19:19:55 +00:00
part : body
words :
- "<a href='../installer.php'>restart this install process</a>"
2023-07-11 19:49:27 +00:00
condition : and
2022-09-26 17:19:56 +00:00
- type : word
part : header
words :
- text/html
- type : status
status :
- 200
2023-10-28 07:54:29 +00:00
# digest: 4b0a004830460221008e2ededb3489519b79f0edf160fb16ffc57798d81afec963c596fdb1b3ffdfcc022100edb09360120cc61153e9c1007e242e8623900484f33fe6e6d58944dd8ee13071:922c64590222798bb761d5b6d8e72950