CVE-2022-2552

EUVD-2022-34806
The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
awesomemotiveduplicator
𝑥
< 1.4.7.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2552
https://wpscan.com/vulnerability/6b540712-fda5-4be6-ae4b-bd30a9d9d698
https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2552
https://wpscan.com/vulnerability/6b540712-fda5-4be6-ae4b-bd30a9d9d698