A Vulnerability in WordPress Duplicator Plugin Could Allow for Arbitrary File Downloads

Description: A vulnerability has been discovered in the WordPress Duplicator Plugin that could allow for Arbitrary File Downloads. The vulnerability exists because Duplicator does not properly restrict certain requests from unauthenticated users. By sending a specially crafted request to Duplicator, an unauthenticated attacker can download arbitrary files from the target WordPress site, including the ‘wp-config.php’ file, which contains the site configuration, the authentication keys and salts, and the database credentials.

Impact: Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to download arbitrary files that the web server process can read, including ‘wp-config.php’. Disclosure of the database credentials it contains can lead to compromise of the site's database and user accounts.

System Affected:
* WordPress Duplicator Plugin prior to 1.3.28

Mitigation:
The following actions are recommended:
* Apply appropriate updates provided for Duplicator to affected systems, immediately after appropriate testing.
* Apply the Principle of Least Privilege to all systems and services.
* Verify that no unauthorized system modifications have occurred on the system before applying the patch.
* Monitor intrusion detection systems for any signs of anomalous activity.
* Unless required, limit external network access to affected products.
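The following is an added example, not code from this advisory or from the Duplicator project, to support the first and third mitigation steps: it reads the installed plugin version from the standard WordPress plugin file header (the `Version:` field in the plugin's main PHP file) and compares it against the fixed release 1.3.28 named above, and it triages web server access log lines for requests that reference wp-config.php or contain a directory traversal sequence. The plugin header, the log lines and the request paths in them are constructed sample input, and the log heuristic is an assumption of this example rather than a signature taken from the advisory.

```python
import re
from urllib.parse import unquote

# First fixed release according to the advisory ("prior to 1.3.28" is affected).
FIXED_VERSION = (1, 3, 28)

# Constructed sample of a WordPress plugin file header (not the real duplicator.php).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Duplicator
 * Version: 1.3.26
 */
"""

# Constructed sample access log lines in Apache/Nginx "combined" format.
# The paths are hypothetical and do not describe a real exploit request.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Feb/2020:13:55:36 +0000] "GET /wp-admin/admin-ajax.php?action=hypothetical_download&file=..%2F..%2Fwp-config.php HTTP/1.1" 200 2911',
    '198.51.100.7 - - [10/Feb/2020:13:56:01 +0000] "GET /wp-content/plugins/duplicator/readme.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Feb/2020:13:56:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
]


def parse_plugin_version(header_text):
    """Extract the 'Version:' field from a WordPress plugin file header as a tuple of ints."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", header_text, re.MULTILINE)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).rstrip(".").split("."))


def is_vulnerable(version):
    """True when the installed version is below FIXED_VERSION.

    Missing trailing components are treated as zero, so (1, 3) compares as 1.3.0.
    """
    if version is None:
        raise ValueError("could not determine plugin version")
    padded = tuple(version) + (0,) * (len(FIXED_VERSION) - len(version))
    return padded < FIXED_VERSION


# Request URI indicators (assumption of this example): a reference to wp-config.php
# or a directory traversal sequence after URL decoding.
SENSITIVE_FILE = re.compile(r"wp-config\.php", re.IGNORECASE)
TRAVERSAL = re.compile(r"\.\./|\.\.\\")

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def flag_suspicious_requests(log_lines):
    """Return (client_ip, raw_uri, status) for each request matching the indicators.

    The URI is URL-decoded twice so that double-encoded sequences such as %252e%252e%252f
    are also examined. Lines that do not parse as combined-format entries are skipped.
    """
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        decoded = unquote(unquote(m.group("uri")))
        if SENSITIVE_FILE.search(decoded) or TRAVERSAL.search(decoded):
            hits.append((m.group("ip"), m.group("uri"), int(m.group("status"))))
    return hits


if __name__ == "__main__":
    version = parse_plugin_version(SAMPLE_HEADER)
    print("installed version:", ".".join(map(str, version)),
          "-> vulnerable" if is_vulnerable(version) else "-> patched")
    for ip, uri, status in flag_suspicious_requests(SAMPLE_LOG):
        print(f"suspicious request from {ip}: {uri} (status {status})")
```

A status of 200 on a flagged request is the case worth escalating: on a vulnerable install it suggests the file was actually served, so the database credentials and authentication keys in wp-config.php should be rotated in addition to applying the update.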

Reference URLs:
https://wordpress.org/plugins/duplicator/
https://www.tenable.com/blog/duplicator-wordpress-plugin-vulnerability-exploited-in-the-wild
