All-In-One WP Migration plugin exploit

bikegremlinbikegremlin ModeratorOGContent Writer
edited October 2023 in WordPress

An article explaining the problem:

https://robertdevore.com/all-in-one-wp-migration-plugin-ddos-attack/

TL/DR
It requires another exploit to exist already in order for this exploit to work.
What it does is it creates backups non-stop (until your storage is filled up).
If you use the plugin to migrate sites, and then remove it, you should be fine.

Just for the heads up, in case anyone set the plugin to do regular backups (always better solved at the server level, not via a plugin IMO).

Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews

Thanked by (2)FrankZ Ympker

Comments

  • YmpkerYmpker OGContent Writer

    @bikegremlin said:
    An rrticle explaining the problem:

    https://robertdevore.com/all-in-one-wp-migration-plugin-ddos-attack/

    TL/DR
    It requires another exploit to exist already in order for this exploit to work.
    What it does is it creates backups non-stop (until your storage is filled up).
    If you use the plugin to migrate sites, and then remove it, you should be fine.

    Just for the heads up, in case anyone set the plugin to do regular backups (always better solved at the server level, not via a plugin IMO).

    Thanks for the headsup! I use the plugin every once in a while. However, I don't use it for backups (Updraft & Control Panel/Softaculous/external backups all the way), only for migrations.

    Thanked by (1)bikegremlin

    Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.

Sign In or Register to comment.