Wordfence Smashes 8.7M Cyber Attacks: GutenKit and Hunk Companion Flaws Exposed!
Wordfence blocked 8.7 million attacks exploiting old vulnerabilities in WordPress GutenKit and Hunk Companion plugins. These flaws allowed hackers to install plugins and achieve remote code execution. Despite these attacks being a year old, hackers seemed to have a déjà vu moment, attempting mass exploitation again. Talk about a case of plug-in and play!
Hot Take:
WordPress plugins: the gift that keeps on giving… hackers more ways to ruin your day! Wordfence deserves a gold star for blocking 8.7 million attacks, but maybe it’s time to consider wrapping your WordPress site in bubble wrap. Who knew that managing a website could come with more drama than a reality TV show?
Key Points:
– Wordfence blocked 8.7 million attacks exploiting vulnerabilities in WordPress plugins GutenKit and Hunk Companion.
– The vulnerabilities allow unauthenticated attackers to install arbitrary plugins, potentially leading to Remote Code Execution (RCE).
– The flaws have been a known issue since late 2024 but were recently exploited again on a massive scale.
– Attackers used REST endpoints in the plugins to fetch malicious ZIP files containing backdoors and other payloads.
– Website admins are advised to check logs and plugin directories for suspicious activity and keep plugins updated.