Description
WordPress Duplicator is a WordPress plugin that creates a package that bundles all the site's plugins, themes, content, database and WordPress files into a simple zip file that can be used to easily migrate a WordPress site.
Synacktiv discovered that WordPress Duplicator versions lower than 1.2.42 do not remove sensitive files after the restoration process. The installer.php and installer-backup.php files can be reused after the restoration process to inject malicious PHP code into the wp-config.php file.
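As an added example (not part of this advisory or of the Duplicator project), a Python check a site owner can run after a migration: it walks the webroot for the two installer files the advisory names and flags access-log requests that reached them. The combined log format and the sample log lines are constructed assumptions.

```python
import os
import re
import tempfile

# Installer files the advisory says Duplicator < 1.2.42 leaves behind after a restore.
LEFTOVER_FILES = ("installer.php", "installer-backup.php")

# Combined-format access log line (ip, timestamp, request line, status); assumed format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines; the two installer hits are what a defender wants flagged.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2018:12:01:02 +0000] "GET /wp-login.php HTTP/1.1" 200 1234',
    '203.0.113.5 - - [10/Mar/2018:12:01:40 +0000] "GET /installer.php?step=1 HTTP/1.1" 200 8877',
    '198.51.100.7 - - [10/Mar/2018:12:02:10 +0000] "POST /installer-backup.php HTTP/1.1" 200 412',
    '198.51.100.7 - - [10/Mar/2018:12:03:00 +0000] "GET /index.php HTTP/1.1" 200 5120',
]

def find_leftover_installers(webroot):
    """Walk the webroot and return every Duplicator installer file still on disk."""
    found = []
    for dirpath, _dirs, files in os.walk(webroot):
        found.extend(os.path.join(dirpath, f) for f in files if f in LEFTOVER_FILES)
    return sorted(found)

def installer_requests(log_lines):
    """Return (ip, method, path, status) for each request that hit an installer file."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; ignore it
        # Strip the query string and directory part so /x/installer.php?step=1 matches.
        basename = m.group("path").split("?", 1)[0].rsplit("/", 1)[-1]
        if basename in LEFTOVER_FILES:
            hits.append((m.group("ip"), m.group("method"), m.group("path"), int(m.group("status"))))
    return hits

def demo_webroot():
    """Build a throwaway WordPress-like tree containing the leftover files (constructed input)."""
    root = tempfile.mkdtemp(prefix="wp-demo-")
    os.makedirs(os.path.join(root, "wp-content"))
    for name in LEFTOVER_FILES:
        open(os.path.join(root, name), "w").close()
    return root
```

Run `find_leftover_installers("/var/www/html")` against the real webroot after a restore; any path it returns should be deleted, and any hit from `installer_requests` dated after the restore deserves a look at wp-config.php.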
Remediation
Upgrade to the latest version of WordPress Duplicator. This vulnerability was fixed starting with version 1.2.42.