Ongoing Exploitation Attacks Target WordPress Plugins
Recent mass exploitation attacks have again struck WordPress websites, exploiting significant vulnerabilities within two widely used plugins: GutenKit and Hunk Companion. Cybersecurity researchers report that the offensive commenced on October 8, resulting in approximately nine million blocked exploit attempts over a fortnight.
The vulnerabilities stem from three critical flaws that enable attackers to install and activate arbitrary plugins without authentication. This poses a dire risk of complete site compromise, particularly if additional susceptible plugins are present.
Wordfence, the first to identify this malicious campaign, noted that while these vulnerabilities had previously been exploited, they are now being harnessed with renewed vigor.
Hunk Companion, a plugin utilized for theme customization, features a missing capability check within the /wp-json/hc/v1/themehunk-import REST API endpoint. Versions up to 1.8.5 are vulnerable, allowing remote installation and activation of plugins.
This flaw is identified as a bypass of CVE-2024-9707, granting attackers the potential for complete control over a WordPress site should they activate another plugin capable of executing code.
GutenKit, recognized for its enhancements to Gutenberg blocks, exhibits a similar vulnerability. Versions prior to 2.1.1 are susceptible to CVE-2024-9234, which allows arbitrary file uploads due to a missing capability check.
This vulnerability can be manipulated to upload counterfeit plugin files or activate malevolent extensions. Earlier versions of Hunk Companion, specifically 1.8.4 and 1.8.5, suffer from two additional capability check flaws tracked as CVE-2024-9707 and CVE-2024-11972.

[Figure: Attack flow (via Wordfence)]
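The flaw class behind all three CVEs is a REST route that performs a privileged action (installing or activating a plugin) while its permission callback lets anyone through. As an added illustration, not Hunk Companion's or GutenKit's actual code, the snippet below shows that pattern next to a hardened registration. The namespace `example/v1`, the route names and the `example_*` function names are assumptions chosen for this example; `register_rest_route`, `current_user_can`, `WP_Error`, `activate_plugin` and `rest_ensure_response` are real WordPress APIs.

```php
<?php
/**
 * Added example (not the real plugin code): a REST route that installs/activates
 * plugins, shown with the missing capability check and then with the fix.
 * Namespace, route names and function names are hypothetical.
 */

// VULNERABLE PATTERN: '__return_true' makes the route reachable by any client,
// authenticated or not. The handler's privileged work runs for everyone.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/theme-import', array(
        'methods'             => 'POST',
        'callback'            => 'example_import_handler',
        'permission_callback' => '__return_true', // the missing capability check
    ) );
} );

// HARDENED PATTERN: a permission callback that requires the capabilities the
// handler actually needs, plus argument validation. WordPress evaluates
// permission_callback before the handler and returns 401/403 when it fails.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/theme-import-secure', array(
        'methods'             => 'POST',
        'callback'            => 'example_import_handler',
        'permission_callback' => 'example_import_permission_check',
        'args'                => array(
            'slug' => array(
                'required'          => true,
                'type'              => 'string',
                'sanitize_callback' => 'sanitize_key',
                'validate_callback' => function ( $value ) {
                    // Plugin slugs are lowercase letters, digits and hyphens only.
                    return (bool) preg_match( '/^[a-z0-9-]+$/', $value );
                },
            ),
        ),
    ) );
} );

/**
 * Capability check. Installing and activating plugins are distinct capabilities
 * in WordPress; require both because the handler does both.
 * Cookie-authenticated REST requests without a valid X-WP-Nonce header are
 * treated as user 0, so this check also rejects forged same-site requests.
 */
function example_import_permission_check( WP_REST_Request $request ) {
    if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'activate_plugins' ) ) {
        return new WP_Error(
            'rest_forbidden',
            __( 'You are not allowed to install or activate plugins.', 'example' ),
            array( 'status' => is_user_logged_in() ? 403 : 401 )
        );
    }
    return true;
}

/**
 * Handler. Even with the permission check in place, only accept slugs from a
 * fixed allowlist (defence in depth against a compromised privileged account
 * being used to pull in arbitrary plugins). The allowlist is a hypothetical
 * example value.
 */
function example_import_handler( WP_REST_Request $request ) {
    $allowed = array( 'example-companion-blocks' );
    $slug    = $request->get_param( 'slug' );

    if ( ! in_array( $slug, $allowed, true ) ) {
        return new WP_Error( 'rest_invalid_param', 'Plugin not on allowlist.', array( 'status' => 400 ) );
    }

    // activate_plugin() lives in wp-admin; REST requests must load it explicitly.
    require_once ABSPATH . 'wp-admin/includes/plugin.php';
    $plugin_file = $slug . '/' . $slug . '.php';

    if ( ! is_plugin_active( $plugin_file ) ) {
        $result = activate_plugin( $plugin_file );
        if ( is_wp_error( $result ) ) {
            return $result; // surfaces the activation error to the caller
        }
    }

    return rest_ensure_response( array( 'activated' => $plugin_file ) );
}
```

When auditing a plugin for this class of bug, look for every `register_rest_route` call whose `permission_callback` is `__return_true` or absent and confirm the handler really is safe for anonymous callers; anything that writes to the filesystem, installs or activates code, or changes options needs a `current_user_can` check for the matching capability.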
Experts assert that this campaign underscores a persistent issue in the management of open-source components by organizations.
Vineeta Sangaraju, a Security Solutions Engineer at Black Duck, emphasized that despite the resolution of these flaws long ago, numerous websites have failed to implement the necessary updates.
“The continued exploitation of these critical vulnerabilities, a year post-discovery and patching, indicates that open source is often treated as ‘set and forget,’” she remarked.

According to Black Duck’s 2025 Open Source Security and Risk Analysis report, the usage of open-source components has surged threefold in four years, with 90% of applications relying on software that is, on average, ten versions outdated.
Sangaraju further noted that neglecting regular maintenance affords attackers a significant advantage. The estimated eight million exploit attempts recorded in October alone starkly illustrate how swiftly unpatched systems can be targeted once a vulnerability becomes known.
Website administrators using GutenKit or Hunk Companion are strongly advised to update to GutenKit 2.1.1 and Hunk Companion 1.8.6 or later, and to review installed plugins for any unauthorized additions or modifications. Comprehensive findings from Wordfence are available on the Wordfence blog.
Source link: Hackread.com.