Actively Exploited Duplicator WordPress Plugin Exploit Risks 1 Million Websites

From latesthackingnews.com

Duplicator WordPress Plugin Flaw

Joining the trail of vulnerable WordPress plugins, here comes another plugin that threatens the security of over 1 million websites. This time the vulnerability appeared in the Duplicator WordPress plugin, which is also under active exploit. Duplicator WordPress Plugin Flaw Wordfence, who previously reported bugs in numerous WordPress plugins, has discovered another vulnerable plugin. This time, they have found the flaw in Duplicator WordPress plugin which hackers are currently exploiting in the wild. Duplicator is a WordPress plugin that facilitates website admins to “migrate and copy” WordPress websites. It also allows admins to download files generated after admins create a new copy of the site. That is where an arbitrary file download vulnerability existed.

Read more…