Security News > 2020 > February > Active Attacks Target Popular Duplicator WordPress Plugin

Active Attacks Target Popular Duplicator WordPress Plugin
2020-02-21 20:50

Active exploits are targeting a recently patched flaw in the popular WordPress plugin Duplicator, which has more than 1 million active installations.

Researchers at Wordfence who discovered the in-the-wild attacks said in a post Thursday that 50,000 of those attacks occurred before Duplicator creator Snap Creek released a fix for the bug last week on Feb. 12 - so it was also exploited in the wild as a zero-day.

Duplicator prior to version 1.3.28 and Duplicator Pro prior to version 3.8.7.1 contain an unauthenticated arbitrary file download vulnerability.

As noted, Snap Creek addressed the bug in Duplicator version 1.3.28 and Duplicator Pro version 3.8.7.1 on February 12.

Earlier in February for instance a critical flaw in a popular WordPress plugin that helps make websites compliant with the General Data Protection Regulation was disclosed; it could enable attackers to modify content or inject malicious JavaScript code into victim websites.


News URL

https://threatpost.com/active-attacks-duplicator-wordpress-plugin/153138/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 95 44 18 159
Plugin 2 0 13 1 0 14