All-In-One WP Migration plugin exploit
bikegremlin
ModeratorOGContent Writer
An article explaining the problem:
https://robertdevore.com/all-in-one-wp-migration-plugin-ddos-attack/
TL/DR
It requires another exploit to exist already in order for this exploit to work.
What it does is it creates backups non-stop (until your storage is filled up).
If you use the plugin to migrate sites, and then remove it, you should be fine.
Just for the heads up, in case anyone set the plugin to do regular backups (always better solved at the server level, not via a plugin IMO).
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
Comments
Thanks for the headsup! I use the plugin every once in a while. However, I don't use it for backups (Updraft & Control Panel/Softaculous/external backups all the way), only for migrations.
Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.