Outdated Duplicator Plugin RCE Abused
We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file.
These cases are all linked to the same vulnerable software: WordPress Duplicator Plugin.
Versions lower than 1.2.42 of Snap Creek Duplicator plugin are vulnerable to a Remote Code Execution attack, where the malicious visitor is able to run any arbitrary code on the target site.
Continue reading Outdated Duplicator Plugin RCE Abused at Sucuri Blog.