Missing Authentication for Critical Function
CVE-2022-2552
Summary
The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-306 - Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
References
Advisory Timeline
- Published