If you are using WordPress Duplicator plugin, it is better to check your system if any vulnerability exists.
On February 12, Snap Creek, makers of the popular WordPress plugin Duplicator, released version 1.3.28 and Duplicator Pro version 126.96.36.199 to address a serious vulnerability.
According to researchers at Wordfence, an unauthenticated arbitrary file download vulnerability exists in Duplicator versions 1.3.26 and Duplicator Pro versions 3.8.7.
Snap Creek addressed this vulnerability in Duplicator version 1.3.28 and Duplicator Pro version 188.8.131.52 on February 12. Duplicator and Duplicator Pro users are strongly encouraged to upgrade to versions 1.3.28 and 184.108.40.206 or greater as soon as possible.
Additionally, review HTTP logs for requests that include the following query strings:
The most reliable indicator is whether the request contains the file parameter, as that is required to exploit this vulnerability.