← back
CVE-2022-2552

Duplicator < 1.4.7.1 - Unauthenticated System Information Disclosure

EPSS 8.4%
The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.
Affected products
Unknown · Duplicator
public PoCs found2
cve_referencewpscan.com/vulnerability/6b540712-fda5-4be6-ae4b-bd30a9d9d698unverifiedexploitdbwww.exploit-db.com/exploits/50993unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2552https://wpscan.com/vulnerability/6b540712-fda5-4be6-ae4b-bd30a9d9d698