Hackers launch mass attacks exploiting outdated WordPress plugins

A widespread campaign exploits vulnerabilities in WordPress plugins GutenKit and Hunk Companion to achieve remote code execution. Despite available fixes, many websites continue using vulnerable versions, and attackers are hosting malicious plugins to maintain persistence and steal data. #WordPressGutenKit #HunkCompanion #RemoteCodeExecution

Keypoints

  • The campaign targets WordPress sites with known vulnerable versions of GutenKit and Hunk Companion plugins.
  • Attackers exploit three critical vulnerabilities (CVE-2024-9234, CVE-2024-9707, CVE-2024-11972) to enable remote code execution.
  • Many websites still run outdated plugin versions, despite fixes introduced almost a year ago.
  • Malicious actors host a ZIP archive named ‘up’ containing obfuscated scripts for persistent access and data theft.
  • Administrators should monitor specific API endpoints and directory paths for signs of compromise and keep all plugins updated.
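As an added illustration of the monitoring advice above (not code from the original article), the Python script below scans web-server access-log lines for requests to the REST routes the two plugins expose for remote plugin installation and for requests into a plugin directory named `up`. The route paths and the `/wp-content/plugins/up/` prefix are assumptions taken from the public advisories and the archive name, not values given on this page; the log lines are constructed samples.

```python
import re
from collections import Counter

# Constructed sample access-log lines (Apache/nginx combined format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2025:12:00:01 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2025:12:00:02 +0000] "POST /wp-json/gutenkit/v1/install-active-plugin HTTP/1.1" 200 312 "-" "python-requests/2.31"
203.0.113.7 - - [10/Oct/2025:12:00:03 +0000] "POST /wp-json/hc/v1/themehunk-import?x=1 HTTP/1.1" 200 298 "-" "python-requests/2.31"
203.0.113.7 - - [10/Oct/2025:12:00:05 +0000] "GET /wp-content/plugins/up/up.php HTTP/1.1" 200 87 "-" "python-requests/2.31"
198.51.100.4 - - [10/Oct/2025:12:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2311 "-" "Mozilla/5.0"
"""

# Parse the fields we need: client IP, method, request path and status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed REST routes used by the two plugins to install other plugins (from public advisories).
SUSPECT_ROUTES = {
    "/wp-json/gutenkit/v1/install-active-plugin": "GutenKit plugin-install route",
    "/wp-json/hc/v1/themehunk-import": "Hunk Companion import route",
}
# Assumed install location of the attacker-hosted 'up' archive described in the campaign.
SUSPECT_PREFIX = "/wp-content/plugins/up/"


def scan_log(text):
    """Return (ip, reason, path) tuples for requests worth investigating.

    Only successful (2xx) hits are reported: a 401/403 means the fixed plugin
    version or a WAF refused the request, which is noise for triage."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]  # drop the query string
        if not m.group("status").startswith("2"):
            continue
        if path in SUSPECT_ROUTES:
            findings.append((m.group("ip"), SUSPECT_ROUTES[path], path))
        elif path.startswith(SUSPECT_PREFIX):
            findings.append((m.group("ip"), "access to 'up' plugin directory", path))
    return findings


def offending_ips(findings):
    """Count findings per source IP so the worst offenders sort first."""
    return Counter(ip for ip, _, _ in findings).most_common()
```

Run it over a real log by replacing `SAMPLE_LOG` with the file contents; a hit on either route from an unauthenticated source, followed by requests into the `up` directory, matches the sequence the article describes and warrants a full plugin-directory review.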

Read More: https://www.bleepingcomputer.com/news/security/hackers-launch-mass-attacks-exploiting-outdated-wordpress-plugins/