Active Attacks Target Popular Duplicator WordPress Plugin

guest · Feb 21, 2020

Active Attacks Target Popular Duplicator WordPress Plugin
When patched last week, the bug affected at least 1 million websites
February 21, 2020
https://threatpost.com/active-attacks-duplicator-wordpress-plugin/153138/

Active exploits are targeting a recently patched flaw in the popular WordPress plugin Duplicator, which has more than 1 million active installations. So far, researchers have seen 60,000 attempts to harvest sensitive information from victims.
Researchers at Wordfence who discovered the in-the-wild attacks said in a post Thursday that 50,000 of those attacks occurred before Duplicator creator Snap Creek released a fix for the bug last week on Feb. 12 – so it was also exploited in the wild as a zero-day.
The Bug
Duplicator is essentially a simple backup and site migration utility. It gives WordPress site administrators the ability to migrate, copy, move or clone a site. WordPress says that Duplicator has been downloaded more than 15 million times and is in active use for over one million sites.

Unfortunately, Duplicator prior to version 1.3.28 and Duplicator Pro prior to version 3.8.7.1 contain an unauthenticated arbitrary file download vulnerability.
This would allow attackers to then download files outside of the intended directory.
Click to expand...

The Attacks
According to Wordfence, the 60,000 exploitation attempts that it saw within its customer telemetry were all efforts to download the wp-config.php file.

“Depending on the site, wp-config.php can contain any amount of custom code, but attackers target it to access a site’s database credentials,” according to a blog posted this week.

As noted, Snap Creek addressed the bug in Duplicator version 1.3.28 and Duplicator Pro version 3.8.7.1 on February 12. Duplicator and Duplicator Pro users are strongly encouraged to upgrade to versions 1.3.28 and 3.8.7.1 or greater as soon as possible.
Click to expand...

Wordfence: Active Attack on Recently Patched Duplicator Plugin Vulnerability Affects Over 1 Million Sites

Log in or Sign up

Active Attacks Target Popular Duplicator WordPress Plugin

guest Guest

Log in or Sign up

Active Attacks Target Popular Duplicator WordPress Plugin

guest Guest

Useful Searches