Home > Vulnerability Database > CVE-2022-2552

Mend.io Vulnerability Database

CVE-2022-2552

Good to know:

Date: August 22, 2022

The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.

Language: PHP

Severity Score

5.3

Related Resources (4)

Url: https://wpscan.com/vulnerability/6b540712-fda5-4be6-ae4b-bd30a9d9d698

Url: https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2552

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-2552

Url: https://www.mend.io/vulnerability-database/CVE-2022-2552

Severity Score

5.3

Weakness Type (CWE)

Authentication Issues

CWE-287

Information Leak / Disclosure

CWE-200

Missing Authentication for Critical Function

CWE-306

Missing Authorization

CWE-862

Top Fix

Upgrade Version

Upgrade to version 1.4.7.1/

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-2552

Good to know:

Date: August 22, 2022

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?