WordPress Plugins Under Siege: 9 Million Hack Attempts Targeting GutenKit and Hunk Companion!
GutenKit and Hunk Companion WordPress plugins are under siege! With 9 million exploit attempts blocked, attackers are bent on installing rogue plugins. Defiant warns of vulnerabilities allowing remote code execution and unauthorized installations. Site admins, update now or risk becoming the punchline in this digital heist!
Hot Take:
Looks like some WordPress plugins just got a little too “plugged in” for comfort! GutenKit and Hunk Companion are serving up vulnerabilities that would make even the most seasoned hackers blush. If your website suddenly starts speaking in a language of its own, it might be time to check for some uninvited guests. Who knew plugins could be so… promiscuous?
Key Points:
- Defiant reports mass exploitation of three critical vulnerabilities in WordPress plugins GutenKit and Hunk Companion.
- GutenKit’s flaw CVE-2024-9234 allows for arbitrary file uploads, affecting versions prior to 2.1.1.
- Hunk Companion’s issues, CVE-2024-9707 and CVE-2024-11972, allow unauthorized plugin installations, impacting versions before 1.8.4 and 1.8.5.
- Attackers distribute a malicious ZIP file via GitHub, containing scripts for backdoor access and admin control.
- Despite patches being available for over a year, these vulnerabilities remain enticing targets for cyber baddies.
Already a member? Log in here