Active Attack on Recently Patched Duplicator Plugin Vulnerability Affects Over 1 Million Sites

by

A critical security update was recently issued for Duplicator, one of the most popular plugins in the WordPress ecosystem. Over a million WordPress sites were affected by a vulnerability allowing attackers to download arbitrary files from victim sites. We urge all Duplicator users to update to version 1.3.28 as soon as possible.

We are detecting active exploitation of this vulnerability in the wild, and estimate more than half a million sites are still running a vulnerable version. Built-in firewall protection prevents these attacks for all Wordfence users, both Premium and those still on the free version of Wordfence. As always, it’s still important to perform security updates regardless of other protections.

Read More: https://www.wordfence.com/blog/2020/02/active-attack-on-recently-patched-duplicator-plugin-vulnerability-affects-over-1-million-sites/

FIX YOUR WEBSITES HEALTH

Results may vary. Some websites may require ongoing therapy.

1-866-WEB-SHRINK

Real websites, real recovery stories

SUCCESS STORIES

Lisa D.

Store Owner

My website was having performance anxiety. After a few optimization sessions, it's loading faster than ever and enjoys user interactions again.

Treated for:
Performance Depression

Hanna A.

Blog Owner

I thought my site's 404 errors were just a phase, but they helped me understand it was a deeper navigation issue. Now my users can find everything they need.

Treated for:
404 Anxiety Disorder

Robert R.

CEO

Our mobile responsiveness was all over the place. The therapy sessions really helped our site develop a consistent identity across all devices.

Treated for:
Mobile Identity Crisis