Description
WordPress Duplicator is a WordPress plugin that creates a package bundling all of a site's plugins, themes, content, database and WordPress files into a single zip file that can be used to migrate the site easily.
Synacktiv discovered that WordPress Duplicator versions lower than 1.2.42 do not remove sensitive files after the restoration process. The installer.php and installer-backup.php files can be reused after the restoration process to inject malicious PHP code into the wp-config.php file.
Remediation
Upgrade to the latest version of WordPress Duplicator. This vulnerability was fixed starting with version 1.2.42.
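As an added defensive check (not code from this advisory or from the Duplicator project), the following Python script audits a WordPress root for the two leftover installer files named above and reads the plugin's version header to tell whether the installed release predates the fix. The plugin path wp-content/plugins/duplicator/duplicator.php and the sample version 1.2.40 are assumptions used to build a throwaway test tree.

```python
"""Audit a WordPress install for leftover Duplicator installer files and a
plugin version below the fixed release (1.2.42)."""
import os
import re
import tempfile

FIXED_VERSION = (1, 2, 42)
# Files the advisory names as left behind after restoration.
LEFTOVER_FILES = ("installer.php", "installer-backup.php")
# Assumed location of the plugin's main file (standard WordPress layout).
PLUGIN_MAIN = os.path.join("wp-content", "plugins", "duplicator", "duplicator.php")


def parse_version(text):
    """Return the 'Version:' plugin header as an int tuple, or None if absent."""
    m = re.search(r"^\s*\*?\s*Version:\s*([\d.]+)", text, re.MULTILINE)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).strip(".").split("."))


def audit_site(root):
    """Return a list of findings for the WordPress install rooted at `root`."""
    findings = []
    for name in LEFTOVER_FILES:
        path = os.path.join(root, name)
        if os.path.isfile(path):
            findings.append("leftover Duplicator installer file: " + path)
    plugin_path = os.path.join(root, PLUGIN_MAIN)
    if os.path.isfile(plugin_path):
        with open(plugin_path, encoding="utf-8", errors="replace") as fh:
            version = parse_version(fh.read())
        if version is not None and version < FIXED_VERSION:
            findings.append("Duplicator %s is below fixed version 1.2.42"
                            % ".".join(map(str, version)))
    return findings


def build_sample_site():
    """Construct a throwaway site tree (sample data, not a real install)."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    os.makedirs(os.path.join(root, "wp-content", "plugins", "duplicator"))
    with open(os.path.join(root, PLUGIN_MAIN), "w") as fh:
        fh.write("<?php\n/*\nPlugin Name: Duplicator\nVersion: 1.2.40\n*/\n")
    with open(os.path.join(root, "installer-backup.php"), "w") as fh:
        fh.write("<?php // stub standing in for a leftover installer\n")
    return root


if __name__ == "__main__":
    for finding in audit_site(build_sample_site()):
        print(finding)
```

Run it against the real document root instead of the sample tree to confirm both files are gone after a restore and that the plugin is at or above 1.2.42.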