Description
WordPress Duplicator is a WordPress plugin that creates a package that bundles all the site's plugins, themes, content, database and WordPress files into a simple zip file that can be used to easily migrate a WordPress site.
Synacktiv discovered that WordPress Duplicator versions lower than 1.2.42 do not remove sensitive files after the restoration process. The installer.php and installer-backup.php files left in the web root can be reused after the restoration process to inject malicious PHP code into the wp-config.php file.
Remediation
Upgrade to the latest version of WordPress Duplicator. This vulnerability was fixed starting with version 1.2.42. Upgrading does not retroactively delete installer files left behind by earlier restorations, so also check the web root of each migrated site for installer.php and installer-backup.php and remove them.
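The following audit script is an added example, not code from Synacktiv or from the Duplicator plugin. It checks a WordPress web root for the two conditions described above: a Duplicator version below 1.2.42 and leftover installer.php / installer-backup.php files. It assumes a standard WordPress layout and reads the plugin version from the `Version:` line of the plugin header in wp-content/plugins/duplicator/duplicator.php; the sample web roots it builds under a temporary directory are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: audit a WordPress web root for the leftover-installer issue.
# Assumptions (not from the advisory): standard WordPress layout, and the
# plugin version is the "Version:" header line of duplicator.php.

FIXED_VERSION="1.2.42"

# version_lt A B: succeed (exit 0) when dotted version A is strictly lower than B.
# Compares numerically field by field so that 1.10.0 is not "lower" than 1.2.42.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}

# Print the Duplicator version found under the web root, or "absent".
duplicator_version() {
    local f="$1/wp-content/plugins/duplicator/duplicator.php"
    if [ -f "$f" ]; then
        grep -i -m1 '^[[:space:]*]*Version:' "$f" \
            | sed 's/^[^:]*:[[:space:]]*//; s/[[:space:]].*$//'
    else
        echo absent
    fi
}

# Print every leftover Duplicator installer file in the web root, one per line.
leftover_installer_files() {
    local root="$1" name
    for name in installer.php installer-backup.php; do
        [ -f "$root/$name" ] && echo "$root/$name"
    done
    return 0
}

# audit_webroot ROOT: print findings; return 1 if anything risky was found.
audit_webroot() {
    local root="$1" rc=0 ver left
    ver=$(duplicator_version "$root")
    if [ "$ver" != absent ] && version_lt "$ver" "$FIXED_VERSION"; then
        echo "VULNERABLE: Duplicator $ver is below $FIXED_VERSION in $root"
        rc=1
    fi
    left=$(leftover_installer_files "$root")
    if [ -n "$left" ]; then
        echo "LEFTOVER installer files (delete them):"
        echo "$left"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: no findings in $root"
    return "$rc"
}

# make_sample_webroot ROOT VERSION yes|no: build a constructed sample web root
# with the given Duplicator version and, optionally, leftover installer files.
make_sample_webroot() {
    local root="$1" version="$2" leave="$3"
    mkdir -p "$root/wp-content/plugins/duplicator"
    printf '<?php\n/*\nPlugin Name: Duplicator\nVersion: %s\n*/\n' "$version" \
        > "$root/wp-content/plugins/duplicator/duplicator.php"
    printf '<?php\n' > "$root/wp-config.php"
    if [ "$leave" = yes ]; then
        printf '<?php // leftover installer\n' > "$root/installer.php"
        printf '<?php // leftover backup installer\n' > "$root/installer-backup.php"
    fi
}

# Usage: ./audit.sh /var/www/html  (exit status 1 means findings were reported)
if [ $# -gt 0 ]; then
    audit_webroot "$1"
fi
```

Run it against the document root of each site that was ever migrated with Duplicator; a non-zero exit status means either the plugin is still on a vulnerable version or the installer files are still reachable and must be deleted.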
References
Related Vulnerabilities
Xdebug remote code execution via xdebug.remote_connect_back
WordPress Plugin Newsletter Subscription Form Possible Remote Code Execution (1.1.2)
WordPress Plugin Five Star Restaurant Menu-WordPress Ordering Remote Code Execution (2.2.0)
Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.11)
Unauthenticated Remote Code Execution via JSONWS in Liferay 6.1 (LPS-88051)