A Vulnerability in WordPress Duplicator Plugin Could Allow for Arbitrary File Downloads

MS-ISAC ADVISORY NUMBER:

2020-030

DATE(S) ISSUED:

03/03/2020

OVERVIEW:

A vulnerability has been discovered in the WordPress Duplicator Plugin that could allow for Arbitrary File Downloads. WordPress is a web-based publishing application implemented in PHP, and the WordPress Duplicator Plugin helps site administrators migrate and copy WordPress sites. Successful exploitation of this vulnerability could allow for Arbitrary File Downloads.

THREAT INTELLIGENCE:

There are reports that this vulnerability is being exploited in the wild.

SYSTEMS AFFECTED:

  • WordPress Duplicator Plugin prior to 1.3.28

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM
Home Users: LOW

TECHNICAL SUMMARY:

A vulnerability has been discovered in the WordPress Duplicator Plugin that could allow for Arbitrary File Downloads. This vulnerability exists due to the way Duplicator handles certain requests from unauthenticated users. When an attacker sends a specially crafted request to Duplicator, an unauthenticated user can download arbitrary files from the target WordPress site. This includes the ‘wp-config.php’ file, which contains various site configurations, and potentially database credentials. Successful exploitation of this vulnerability could allow for Arbitrary File Downloads.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate updates provided for Duplicator to affected systems, immediately after appropriate testing.
  • Apply the Principle of Least Privilege to all systems and services.
  • Verify no unauthorized system modifications have occurred on the system before applying the patch.
  • Monitor intrusion detection systems for any signs of anomalous activity.
  • Unless required, limit external network access to affected products.
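The two checks an operator would most want after reading the technical summary and the recommendations above are (a) whether the installed Duplicator version is below the fixed release 1.3.28 and (b) whether the web server's access logs already show unauthenticated requests trying to pull files such as wp-config.php out of the site. The script below is an added example written for this page; it is not code from CIS, MS-ISAC, or the Duplicator project. It assumes the standard WordPress plugin header ("Version:" line in the plugin's main PHP file) and the common Apache/Nginx "combined" access-log format. The plugin directory path, the query parameter name and the log lines are constructed placeholders for illustration, not details taken from the advisory.

```python
"""Defender-side checks for the Duplicator advisory.

Added example, not CIS/MS-ISAC or Duplicator project code.
Assumptions (none of these come from the advisory):
  - the plugin's main file carries the standard WordPress "Version:" header;
  - the web server writes "combined" format access logs;
  - the plugin directory is the usual wp-content/plugins/duplicator/ (assumed).
"""
import re
from urllib.parse import unquote

# First non-vulnerable release named in the advisory ("prior to 1.3.28").
FIXED_VERSION = (1, 3, 28)

# Assumed plugin directory; used only to annotate findings.
PLUGIN_DIR = "/wp-content/plugins/duplicator/"

# Standard WordPress plugin header line, e.g. " * Version: 1.3.26".
VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", re.MULTILINE)

# Apache/Nginx "combined" log line up to the response size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Directory traversal sequences in either slash style.
TRAVERSAL_RE = re.compile(r"\.\./|\.\.\\")


def parse_version(plugin_header_text):
    """Return the plugin version from a WordPress plugin header as a tuple of ints."""
    m = VERSION_RE.search(plugin_header_text)
    if not m:
        raise ValueError("no Version header found")
    return tuple(int(part) for part in m.group(1).strip(".").split("."))


def is_vulnerable(version):
    """True when the installed version is below the fixed release 1.3.28."""
    return tuple(version) < FIXED_VERSION


def suspicious_requests(log_lines):
    """Flag requests whose decoded path carries a traversal sequence or names wp-config.php.

    Each finding records the client IP, decoded path, status, whether the request
    touched the assumed plugin directory, and the reasons it was flagged.
    """
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        # Decode twice so double-encoded sequences (%252e%252e%252f) are also seen.
        path = unquote(unquote(m.group("path")))
        reasons = []
        if TRAVERSAL_RE.search(path):
            reasons.append("path traversal sequence")
        if "wp-config.php" in path:
            reasons.append("references wp-config.php")
        if not reasons:
            continue
        if m.group("status") == "200":
            reasons.append("server returned 200, download may have succeeded")
        findings.append({
            "ip": m.group("ip"),
            "timestamp": m.group("ts"),
            "path": path,
            "status": m.group("status"),
            "plugin_dir": PLUGIN_DIR in path,
            "reasons": reasons,
        })
    return findings


# Constructed sample plugin header (not a real Duplicator file).
SAMPLE_PLUGIN_HEADER = """<?php
/**
 * Plugin Name: Duplicator
 * Version: 1.3.26
 */
"""

# Constructed sample log lines; IPs are documentation ranges, paths are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [03/Mar/2020:10:15:01 +0000] "GET /wp-content/plugins/duplicator/readme.txt HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [03/Mar/2020:10:15:03 +0000] "GET /wp-content/plugins/duplicator/?download=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [03/Mar/2020:10:16:44 +0000] "GET /wp-admin/admin.php?page=duplicator HTTP/1.1" 200 9123 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [03/Mar/2020:10:17:00 +0000] "GET /index.php HTTP/1.1" 200 5512 "-" "curl/7.64"',
]

if __name__ == "__main__":
    v = parse_version(SAMPLE_PLUGIN_HEADER)
    print("installed", ".".join(map(str, v)), "vulnerable:", is_vulnerable(v))
    for f in suspicious_requests(SAMPLE_LOG):
        print(f["ip"], f["status"], f["path"], "|", "; ".join(f["reasons"]))
```

In practice, point `parse_version` at the contents of the plugin's main PHP file and feed `suspicious_requests` the real access log; a hit with status 200 means the file in question (and, for wp-config.php, the database credentials it holds) should be treated as exposed and rotated, regardless of whether the patch has since been applied.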

REFERENCES:
