Outdated Duplicator Plugin RCE Abused

We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file.

These cases are all linked to the same vulnerable software: WordPress Duplicator Plugin.

Versions lower than 1.2.42 of Snap Creek Duplicator plugin are vulnerable to a Remote Code Execution attack, where the malicious visitor is able to run any arbitrary code on the target site.

Continue reading Outdated Duplicator Plugin RCE Abused at Sucuri Blog.

Story added 14. September 2018, content source with full text you can find at link above.

Comments are closed.

More antivirus and malware news?

Amid cyberattacks, ISPs try to clean up the internet
Will the U.S. government draft cybersecurity professionals?
Navy SEALs to Shift From Counterterrorism to Global Threats
Cybereason Raises $275 Million to Fuel Growth
Dyre Banking Trojan Now Targets Windows 10, Microsoft Edge
Hackers publish offensive photo on Omani gov’t website
Most Attacks Don’t Generate Security Alerts: Mandiant
IPv6 celebrates its 20th birthday by reaching 10 percent deployment
Study Finds Rampant Sale of SSL/TLS Certificates on Dark Web
US Aeronautical Organization Hacked via Zoho, Fortinet Vulnerabilities

Outdated Duplicator Plugin RCE Abused

More antivirus and malware news?

Ads

Security news

Malware

Security

IT security

About site

Search Terms Tips

Recent New Tips

Recent Posts