Active Attacks Target Popular Duplicator WordPress Plugin
2020-02-21 20:50

Active exploits are targeting a recently patched flaw in the popular WordPress plugin Duplicator, which has more than 1 million active installations.

Researchers at Wordfence who discovered the in-the-wild attacks said in a post Thursday that 50,000 of those attacks occurred before Duplicator creator Snap Creek released a fix for the bug last week on Feb. 12, meaning the flaw was also exploited in the wild as a zero-day.

Duplicator prior to version 1.3.28 and Duplicator Pro prior to version 3.8.7.1 contain an unauthenticated arbitrary file download vulnerability.

As noted, Snap Creek addressed the bug in Duplicator version 1.3.28 and Duplicator Pro version 3.8.7.1 on February 12.

Earlier in February, for instance, a critical flaw was disclosed in a popular WordPress plugin that helps make websites compliant with the General Data Protection Regulation; it could enable attackers to modify content or inject malicious JavaScript code into victim websites.


News URL

https://threatpost.com/active-attacks-duplicator-wordpress-plugin/153138/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 49 36 409 104 29 578
Plugin 2 0 13 0 0 13