Description
WordPress Duplicator is a WordPress plugin that creates a package that bundles all the site's plugins, themes, content, database and WordPress files into a simple zip file that can be used to easily migrate a WordPress site.
Synacktiv discovered that WordPress Duplicator versions lower than 1.2.42 do not remove sensitive files after the restoration process. The installer.php and installer-backup.php files can be reused after the restoration process to inject malicious PHP code into the wp-config.php file.
Remediation
Upgrade to the latest version of WordPress Duplicator. This vulnerability was fixed starting with version 1.2.42.
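As an added defender-side check (not code from Synacktiv or the Duplicator project), the following Python script audits a WordPress webroot for the two conditions the advisory describes: a Duplicator version below 1.2.42 and leftover installer.php / installer-backup.php files anywhere under the webroot. The plugin main-file path wp-content/plugins/duplicator/duplicator.php and the sample site it builds for its self-test are assumptions.

```python
import re
import tempfile
from pathlib import Path

# The two leftover files named in the advisory, and the first fixed release.
LEFTOVER_INSTALLERS = ("installer.php", "installer-backup.php")
FIXED_VERSION = (1, 2, 42)

def parse_version(version: str) -> tuple:
    """'1.2.42' -> (1, 2, 42); tuples compare numerically, strings would not."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def is_vulnerable_version(version: str) -> bool:
    """True when the installed Duplicator is older than the fixed 1.2.42."""
    return parse_version(version) < FIXED_VERSION

def installed_duplicator_version(webroot: str):
    """Read 'Version:' from the plugin header; the main-file path is an assumption."""
    main_file = Path(webroot, "wp-content", "plugins", "duplicator", "duplicator.php")
    if not main_file.is_file():
        return None
    match = re.search(r"^\s*\*?\s*Version:\s*([\d.]+)", main_file.read_text(errors="ignore"), re.M)
    return match.group(1) if match else None

def find_leftover_installers(webroot: str) -> list:
    """Walk the whole webroot (restores may land in subfolders); paths are relative to it."""
    root = Path(webroot)
    return sorted(str(p.relative_to(root)) for p in root.rglob("*")
                  if p.is_file() and p.name in LEFTOVER_INSTALLERS)

def audit(webroot: str) -> dict:
    """Either finding alone needs action: upgrade the plugin and delete the leftover files."""
    version = installed_duplicator_version(webroot)
    return {
        "version": version,
        "vulnerable_version": None if version is None else is_vulnerable_version(version),
        "leftover_installers": find_leftover_installers(webroot),
    }

def build_sample_webroot() -> str:
    """Constructed sample site (not real data): old plugin plus both leftover installers."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    plugin_dir = Path(root, "wp-content", "plugins", "duplicator")
    plugin_dir.mkdir(parents=True)
    (plugin_dir / "duplicator.php").write_text("<?php\n/*\nPlugin Name: Duplicator\nVersion: 1.2.40\n*/\n")
    for name in LEFTOVER_INSTALLERS:
        Path(root, name).write_text("<?php // leftover installer placeholder\n")
    return root
```

Run audit() against a real document root such as /var/www/html; build_sample_webroot() only creates the constructed fixture used for the self-test.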
References