A heads up from our friends at Sucuri:
A vulnerability in old versions of the WordPress Duplicator plugin by Snap Creek is enabling hackers to either remove or re-write the wp-config.php file, which breaks the affected sites.
This affects Duplicator versions lower than 1.2.42, and which have these specific characteristics:
- The installer.php file must have been generated by Duplicator
- The installer.php file must have been left in the website’s root folder on the server
If you’re using Duplicator you should check the folder in which your site files reside and remove the installer.php file if it is there.
The current version of Duplicator is 1.2.44, and you should update if you’re running a lower (older) version.
The full details are described on Sucuri’s blog – read it here.