Home > Vulnerability Database > CVE-2022-2552

Mend.io Vulnerability Database

CVE-2022-2552

Date: August 22, 2022

The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.

Language: PHP

Severity Score

5.3

Related Resources (4)

Url: https://wpscan.com/vulnerability/6b540712-fda5-4be6-ae4b-bd30a9d9d698

Url: https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2552

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-2552

Url: https://www.mend.io/vulnerability-database/CVE-2022-2552

Severity Score

5.3

Weakness Type (CWE)

Improper Authentication

CWE-287

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Missing Authentication for Critical Function

CWE-306

Missing Authorization

CWE-862

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-2552

Date: August 22, 2022

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?