Active Exploitation of Vulnerability in Popular WordPress Plugin, Duplicator

Snap Creek, the makers of the popular WordPress plugin Duplicator, recently released version 1.3.28 and Duplicator Pro version 3.8.71 to address a serious vulnerability.

Duplicator, which has over 1 million active installations, and according to Snap Creek, been downloaded over 15 million times, is a popular plugin used to migrate and copy WordPress sites.

Researchers at Wordfence observed active exploitation of the vulnerability in the wild. Wordfence says they’ve blocked 60,000 attempts to exploit the flaw. They said 50,000 were blocked prior to Snap Creek releasing their patch on February 12, indicating this was exploited in the wild as a zero-day.

For more information about the vulnerability, please visit our blog.