Hunk Companion Plugin Exploit Threatens Thousands of WordPress Sites

TL;DR Summary
A critical vulnerability in the WordPress Hunk Companion plugin, tracked as CVE-2024-11972, is being exploited by attackers to install other vulnerable plugins, leading to potential Remote Code Execution (RCE) and other attacks. The flaw affects all versions before 1.9.0 and allows unauthorized plugin installations, posing significant security risks. This vulnerability is a patch bypass for a similar flaw, CVE-2024-9707, and highlights the importance of securing WordPress components. Additionally, a high-severity flaw in the WPForms plugin has been disclosed, affecting millions of sites.
- WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins (The Hacker News)
- Hunk Companion WordPress plugin exploited to install vulnerable plugins (BleepingComputer)
- Another major WordPress plugin has been hacked to try and hijack your sites (TechRadar)
- Hunk Companion, WP Query Console Vulnerabilities Chained to Hack WordPress Sites (SecurityWeek)
- Thousands of sites remain unpatched against actively exploited WordPress plugin bug (Ars Technica)