Description

WordPress Duplicator is a WordPress plugin that creates a package that bundles all the site's plugins, themes, content, database and WordPress files into a simple zip file that can be used to easily migrate a WordPress site.

Synacktiv discovered that WordPress Duplicator versions lower than 1.2.42 does not remove sensitive files after the restoration process. The installer.php and installer-backup.php files can be reused after the restoration process to inject malicious PHP code in the wp-config.php file.

Remediation

Upgrade to the latest version of WordPress Duplicator. This vulnerability was fixed starting with version 1.2.42.

References

Remote code execution vulnerability in WordPress Duplicator

Outdated Duplicator Plugin RCE Abused

Related Vulnerabilities

Flex BlazeDS AMF Deserialization RCE

WordPress Plugin open-flash-chart-core Remote Code Execution (0.4)

WordPress Plugin AccessAlly PHP Code Execution (3.3.1)

Telerik Web UI Unrestricted File Upload (CVE-2017-11317)

WordPress Plugin Analytics Remote Code Execution (1.7)

Severity

High

Classification

CWE-98 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution