- Unpatched GutenKit and Hunk Companion plugins exploited in mass WordPress attacks
- Attackers use ‘up’ plugin to gain admin access and deploy malware
- Wordfence blocked 8.7 million attempts in 48 hours; updates remain critical
Three critical-severity vulnerabilities, found in two WordPress plugins and fixed more than a year ago, are now being exploited in mass attacks against websites which still haven’t patched the issues.
WordPress security experts Wordfence said it blocked more than 8.7 million attack attempts over the course of roughly 48 hours utilizing GutenKit and Hunk Companion.
The former extends Gutenberg by adding dozens of extra blocks, templates, and layout tools, while the latter is a “helper” plugin for ThemeHunk themes that adds sections like “team”, “services”, “portfolio”, “sliders”, and more.
Malicious payload on GitHub
Between October and December 2024, three flaws were found – and patched – in the plugins: CVE-2024-9234, CVE-2024-9707, and CVE-2024-11972. All three were rated critical (9.8/10), and allow threat actors to install arbitrary plugins and run malicious code on vulnerable sites.
Now, threat actors are taking advantage of the fact that many sites are not that diligent when it comes to applying fixes.
Wordfence says the hackers are using the vulnerabilities to install a malicious plugin called ‘up’, that’s being hosted as a .ZIP archive on GitHub.
The plugin allows the threat actors to upload, download, or delete files from the site, as well as to tamper with the site’s permissions. It also allows the threat actor to automatically log into the vulnerable website as an administrator.
Wordfence also says that between other things, the attackers are using ‘up’ to set up persistence, steal information, and drop additional malware.
Being the world’s number one website builder platform, WordPress is a popular target among cybercriminals. However, since it is generally considered safe, the attackers usually go for themes and plugins, since these are often vulnerable, or lose support.
The best way to mitigate the risk is to only keep the plugins and themes you are actually using, and to make sure they are updated at all times.
Via BleepingComputer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
The best antivirus for all budgets
