WordPress Sites Under Siege: Old Plugin Flaws Fuel 8.7 Million Cyber Attacks!
WordPress websites are under siege by a campaign exploiting GutenKit and Hunk Companion plugins. Hackers are on a mission, with 8.7 million blocked attacks in just two days! Wordfence advises updating plugins faster than you can say “CVE-2024-9234” to avoid unwanted visitors. Keep your site safe and your coffee strong!

Hot Take:
WordPress websites are under attack, and the way in is none other than old flaws in the GutenKit and Hunk Companion plugins. It’s like an old horror movie where the monsters just won’t die, even after a year of updates! Website administrators are advised to stop playing hide and seek with updates and start playing tag with the latest versions before they get tagged out by cyber baddies.

Key Points:
– Wordfence blocked 8.7 million attack attempts on WordPress sites in two days.
– Exploitation involves three critical vulnerabilities: CVE-2024-9234, CVE-2024-9707, and CVE-2024-11972.
– Attackers use a malicious plugin hosted on GitHub for persistence and data theft.
– The vulnerabilities allow installation of arbitrary plugins, leading to remote code execution.
– Fixes are available, but many sites still run outdated, vulnerable plugin versions.
