Security for everyone

CVE-2022-2551 Scanner

Detects the 'Unauthenticated Backup Download' vulnerability in Duplicator, which affects versions before 1.4.7.

Short Info

Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Url


The Duplicator software is widely used by website administrators to migrate, back up, and transfer WordPress sites from one location to another. This plugin ensures that the entire WordPress site can be easily copied and duplicated, including plugins, themes, widgets, and database settings. One of the key benefits of Duplicator is that it allows users to eliminate downtime and simplify the process of moving pages, images, and posts. Moreover, website owners can also use Duplicator to create multiple test sites and deploy them to remote servers. All in all, Duplicator is a popular plugin for webmasters looking for an easy and reliable way to back up or transfer their WordPress website.

Recently, the CVE-2022-2551 vulnerability was detected in the Duplicator WordPress plugin, version 1.4.7 and earlier. This vulnerability exposes the URL of the backup file to unauthenticated users who access the main installer endpoint of the plugin, allowing them to download the full site backup without any authentication. This means that hackers can easily access a website's sensitive database information, including usernames, passwords, and private data, by exploiting this vulnerability. This flaw could also lead to data breaches, site hijacking, and other malicious attacks that could compromise the integrity of the website.

When exploited, the CVE-2022-2551 vulnerability could pose a significant security risk for the website owner. The attacker can not only access sensitive user information, but also manipulate the site's data, inject malicious code, and execute arbitrary scripts on the website's server. These attacks are highly dangerous and can cause irreparable damage to the business's reputation and to sensitive data. Therefore, it is important for website owners to be aware of this vulnerability and take the necessary precautions to protect their website against it.

In conclusion, website owners who use the Duplicator WordPress plugin need to be aware of the CVE-2022-2551 vulnerability and take action to protect their website against it. By updating to the latest version of the plugin, enabling two-factor authentication, and installing a security plugin, website owners can significantly reduce the risk of a data breach or malicious attack. Finally, by using the pro features of the securityforeveryone.com platform, website owners can easily and quickly learn about vulnerabilities in their digital assets and take the necessary measures to secure their online presence.

 
