Support » Plugin: Duplicator - WordPress Migration Plugin » Possible Stealing My Database Credentials

  • Resolved Terry J

    (@texasbiz)


    I got alerted (some days ago) that there is an exact site cloned with all my info – right down to the members database. Seems the only way is if someone got my database credentials. Just paid for a full security audit and my server is secure, assured no way the hackers came in using server details.

    Is it possible they used Duplicator? I am told this is what happened but refuse to believe it. Surely you would have alerted all users to the problem, right?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Yes, this is probably what happened to you.

    Please read this about the compromise: https://www.wordfence.com/blog/2020/02/active-attack-on-recently-patched-duplicator-plugin-vulnerability-affects-over-1-million-sites/

    • This reply was modified 2 years, 5 months ago by Jan Dembowski.
    Plugin Author Cory Lamle

    (@corylamleorg)

    Hi Terry,

    The issue you're speaking of has been patched with the latest version. Unfortunately, there was a window in which the plugin had a vulnerability. In these scenarios it can be difficult to isolate the issue, but if the plugin was the source of compromise we apologize!

    As with every company large and small security issues can happen. In the WordPress ecosystem, the only way to alert users is through plugin update notifications. Once we heard of the issue we had a patch within an hour and users should have gotten a notice to update the plugin. We made sure that the notice was visible in our changelog.

    With that said, our team is doing everything possible to make sure this issue never happens again! If you happened to have a plugin like Wordfence installed it would have been able to block the issue. We recommend on all public sites that users install the added security and enable auto-updates for plugins.

    Sincerely

    The Duplicator Team

    @corylamleorg How is it possible that such grave mistakes pass through code review? Using nopriv on file downloads and not sanitizing filenames? That's just crazy.

    Plugin Author Cory Lamle

    (@corylamleorg)

    Hi @fried_eggz,

    We recognize it was a bad mistake and are very concerned/surprised that it actually slipped through our review and testing processes. Without a doubt, we are making every effort at making sure it never happens again.

    Thanks~
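
The two review points raised in the exchange above (a file download reachable through a `nopriv` hook, and a filename that is not sanitized), shown as an added example that is not part of the original thread and is not Duplicator's code: a WordPress AJAX download handler written with both checks in place. The `myplugin_*` names, the backup directory and the choice of the `manage_options` capability are assumptions made for illustration.

```php
<?php
// Added example: hypothetical plugin code, not Duplicator's source.
// MYPLUGIN_BACKUP_DIR and the "myplugin_download" action are assumed names.
define( 'MYPLUGIN_BACKUP_DIR', WP_CONTENT_DIR . '/myplugin-backups' );

// Weak pattern, kept as comments for contrast with the handler below:
//   add_action( 'wp_ajax_nopriv_myplugin_download', ... ); // reachable while logged out
//   readfile( MYPLUGIN_BACKUP_DIR . '/' . $_GET['file'] ); // name used as supplied

// Hardened: register on the authenticated hook only, never the nopriv one.
add_action( 'wp_ajax_myplugin_download', 'myplugin_download' );

function myplugin_download() {
    // 1. Being logged in is not enough: require an administrator capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // 2. Reject requests that do not carry a valid nonce (CSRF protection).
    check_ajax_referer( 'myplugin_download', 'nonce' );

    // 3. Reduce the input to a bare file name: no directories, no odd characters.
    $requested = isset( $_GET['file'] ) ? wp_unslash( $_GET['file'] ) : '';
    $name      = sanitize_file_name( basename( $requested ) );

    // 4. Resolve symlinks and confirm the result is a file inside the backup
    //    directory. An empty name resolves to the directory itself and fails here.
    $base = realpath( MYPLUGIN_BACKUP_DIR );
    $path = realpath( $base . DIRECTORY_SEPARATOR . $name );
    if ( false === $base || false === $path
        || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR )
        || ! is_file( $path ) ) {
        wp_die( 'Not found', '', array( 'response' => 404 ) );
    }

    // 5. Only now send the file.
    nocache_headers();
    header( 'Content-Type: application/octet-stream' );
    header( 'Content-Disposition: attachment; filename="' . $name . '"' );
    header( 'Content-Length: ' . filesize( $path ) );
    readfile( $path );
    exit;
}
```

In code review, the two things to look for are any `wp_ajax_nopriv_*` registration that leads to a file read, and any request value that reaches `readfile()`, `fopen()` or `file_get_contents()` without a containment check like step 4.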

  • The topic ‘Possible Stealing My Database Credentials’ is closed to new replies.