It appears that Duplicator, one of the most popular WordPress plugins, leaves WordPress sites open to remote code execution (RCE) attacks after it has been used for a site migration or duplication.
We’ve received a dozen requests to clean hacked WordPress websites which contained malware generated from the Duplicator RCE exploit.
Fortunately, this vulnerability is being exploited on an older version of Duplicator (the installer version must be older than v1.2.42), so if you’re using the latest version to migrate or duplicate your WP sites you won’t experience any issues.
How to check if your WordPress Duplicator plugin is vulnerable
The tricky part of this exploit is that even if you are now running the latest version of Duplicator, if you used a vulnerable version and didn’t delete installer.php or any other installer*.php files from your site root, your site is still in danger of being hacked.
The bottom line is that you need to take action ASAP if:
- You’re using a WordPress Duplicator plugin version older than 1.2.42
- Your site root directory contains a file named installer.php or installer*.php
If those conditions are met, remove the installer*.php files and update your Duplicator plugin ASAP.
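The two conditions above can be checked from a server shell in one pass. The script below is an added example, not code from the original post or from the Duplicator project: it lists any installer*.php files left in the WordPress root directory and compares the installed plugin version against 1.2.42. It assumes the plugin's main file lives at wp-content/plugins/duplicator/duplicator.php and carries a standard WordPress "Version:" header; adjust the path if your install differs.

```shell
#!/bin/sh
# Added example (not from the original post): check a WordPress docroot for
# the two Duplicator risk conditions named above.

# Print every installer*.php file sitting directly in the docroot.
find_installer_leftovers() {
    docroot="$1"
    find "$docroot" -maxdepth 1 -type f -name 'installer*.php' 2>/dev/null
}

# Read the "Version:" header from the plugin's main file.
# Assumption: the main file is wp-content/plugins/duplicator/duplicator.php.
duplicator_version() {
    docroot="$1"
    main="$docroot/wp-content/plugins/duplicator/duplicator.php"
    [ -f "$main" ] || return 1
    sed -n 's/^[[:space:]]*\**[[:space:]]*Version:[[:space:]]*//p' "$main" \
        | tr -d '\r' | head -n 1
}

# Return 0 (true) when dotted version $1 is strictly older than $2.
version_older_than() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ] && [ "$1" != "$2" ]
}

# Overall check: exit status 0 = nothing found, 1 = leftover installer
# file present and/or Duplicator older than 1.2.42.
duplicator_check() {
    docroot="$1"
    risk=0
    leftovers=$(find_installer_leftovers "$docroot")
    if [ -n "$leftovers" ]; then
        echo "Leftover Duplicator installer files found (delete them):"
        echo "$leftovers"
        risk=1
    fi
    ver=$(duplicator_version "$docroot") || ver=""
    if [ -n "$ver" ] && version_older_than "$ver" 1.2.42; then
        echo "Duplicator $ver is older than 1.2.42 (update it)"
        risk=1
    fi
    return $risk
}

# Usage: sh duplicator-check.sh /var/www/html
if [ -n "$1" ]; then
    duplicator_check "$1"
fi
```

Run it against the document root of each site you migrated with Duplicator; a non-zero exit status means at least one of the two conditions is true and the cleanup steps above apply. The check is deliberately non-recursive, since the post describes leftovers in the site root, so extend the find depth if your deployment places the installer elsewhere.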