A security vulnerability was recently found in the popular WordPress plugin Duplicator and has already been used to attack vulnerable systems.
The security vulnerability in a WordPress plugin allows attackers to download arbitrary files and gain access to database passwords and other data.
Currently the plugin Duplicator has a serious vulnerability in its older versions.
More information can be found here: WordFence
Duplicator's developers already offer a patch to help you fix this security vulnerability.
This malicious software has already been used to attack other systems.
The best practice in cases like this one where the plugin is not constantly needed on your website it's better to remove it from your installation.