http://feedproxy.google.com/~r/sucuri/blog/~3/vqgjkwU5gvk/outdated-duplicator-plugin-rce-abused.html
We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file.
These cases are all linked to the same vulnerable software: WordPress Duplicator Plugin.
Versions lower than 1.2.42 of Snap Creek Duplicator plugin are vulnerable to a Remote Code Execution attack, where the malicious visitor is able to run any arbitrary code on the target site.
Continue reading Outdated Duplicator Plugin RCE Abused at Sucuri Blog.
Source: Security Feed