- Unpatched GutenKit and Hunk Companion plugins exploited in mass attacks on WordPress
- Attackers use the ‘up’ plugin to gain administrator access and deploy malware
- Wordfence blocked 8.7 million attempts in 48 hours; updates remain critical
Three critical vulnerabilities, found in two WordPress plugins and patched more than a year ago, are now being exploited in mass attacks against sites that still haven’t applied the fixes.
WordPress security firm Wordfence said it blocked more than 8.7 million attack attempts targeting GutenKit and Hunk Companion in about 48 hours.
The former extends Gutenberg by adding dozens of extra blocks, templates and layout tools, while the latter is a “helper” plugin for ThemeHunk themes that adds sections like “team”, “services”, “portfolio”, “sliders” and more.
Malicious payload on GitHub
Between October and December 2024, three bugs were found – and fixed – in the two plugins: CVE-2024-9234 in GutenKit, and CVE-2024-9707 and CVE-2024-11972 in Hunk Companion. All three were rated critical (CVSS 9.8/10) and let unauthenticated attackers install arbitrary plugins on a vulnerable site, and with them run code of their choosing.
Now, threat actors are taking advantage of the fact that many site owners never applied those patches.
Wordfence says the hackers are using the vulnerabilities to install a malicious plugin called ‘up’ hosted as a .ZIP archive on GitHub.
The plugin allows the threat actors to upload, download or delete files from the site, as well as to manipulate the site’s permissions. It also allows the threat actor to automatically log into the vulnerable site as an administrator.
Wordfence also says that, among other things, the attackers use ‘up’ to configure persistence, steal information and drop additional malware.
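To turn the report into a check you can run on a site, here is an added example, not code from the article, from Wordfence or from the plugin vendors. It takes the CSV that `wp plugin list --format=csv` and `wp user list --role=administrator --format=csv` print, flags the two plugins when they are below their fixed versions, flags any plugin with the slug `up`, and lists administrator accounts that are not on the owner’s allowlist. The fixed version numbers (GutenKit 2.1.1, Hunk Companion 1.3.12) and the plugin slugs come from the vendor advisories rather than from this article, so confirm them against the advisories before relying on them; the CSV embedded in the script is constructed sample input so it runs offline.

```python
"""Triage helper for the GutenKit / Hunk Companion exploitation wave.

Added example, not code from the article or from Wordfence. It reads the
CSV printed by `wp plugin list --format=csv` and
`wp user list --role=administrator --format=csv`.
"""
import csv
import io

# Fixed versions taken from the vendor advisories, not from the article:
# GutenKit 2.1.1 fixes CVE-2024-9234; Hunk Companion 1.3.12 fixes
# CVE-2024-11972 (and with it CVE-2024-9707). Slugs are assumed.
FIXED_VERSIONS = {
    "gutenkit-blocks-addon": (2, 1, 1),
    "hunk-companion": (1, 3, 12),
}

# Slug of the malicious plugin named in the Wordfence report.
MALICIOUS_SLUGS = {"up"}

# Constructed sample wp-cli output (not captured from a real site).
SAMPLE_PLUGINS = """name,status,update,version
akismet,active,none,5.3.3
gutenkit-blocks-addon,active,available,2.1.0
hunk-companion,active,available,1.3.11
up,active,none,1.0
"""

SAMPLE_ADMINS = """ID,user_login,display_name,user_email,user_registered,roles
1,siteowner,Site Owner,owner@example.com,2023-05-02 10:12:44,administrator
7,wp_support,wp_support,support@example.net,2025-01-15 03:41:09,administrator
"""


def parse_version(text):
    """Turn '1.3.11' into (1, 3, 11); non-numeric pieces count as 0."""
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_lt(a, b):
    """Compare version tuples after zero-padding, so 2.1 equals 2.1.0."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def triage_plugins(plugin_csv):
    """Return (kind, slug, version) findings from `wp plugin list` CSV."""
    findings = []
    for row in csv.DictReader(io.StringIO(plugin_csv)):
        slug, version = row["name"], row["version"]
        if slug in MALICIOUS_SLUGS:
            findings.append(("malicious_plugin", slug, version))
        fixed = FIXED_VERSIONS.get(slug)
        if fixed and version_lt(parse_version(version), fixed):
            findings.append(("vulnerable_plugin", slug, version))
    return findings


def triage_admins(user_csv, expected_admins):
    """Return administrator logins that are not on the owner's allowlist."""
    expected = set(expected_admins)
    return sorted(
        row["user_login"]
        for row in csv.DictReader(io.StringIO(user_csv))
        if row["user_login"] not in expected
    )


def run_triage(plugin_csv=SAMPLE_PLUGINS, admin_csv=SAMPLE_ADMINS,
               expected_admins=("siteowner",)):
    """Combine both checks into one report."""
    return {
        "plugins": triage_plugins(plugin_csv),
        "unexpected_admins": triage_admins(admin_csv, expected_admins),
    }


if __name__ == "__main__":
    report = run_triage()
    for kind, slug, version in report["plugins"]:
        print(f"{kind}: {slug} {version}")
    for login in report["unexpected_admins"]:
        print(f"unexpected administrator: {login}")
```

On a live site, feed the real wp-cli output into `run_triage` instead of the sample strings. A hit on `up` or an unexpected administrator means updating the two plugins is not enough on its own, since the attackers already hold persistence on the site.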
As the world’s most widely used platform for building websites, WordPress is a popular target for cybercriminals. WordPress core itself is generally well maintained, so attackers usually go after third-party themes and plugins, which are often vulnerable, unmaintained or no longer supported.
The best way to reduce your risk is to remove the plugins and themes you don’t actually use and keep the rest updated at all times, enabling automatic updates where you can.
Via Bleeping Computer