“`html

WordPress Plugin Exploitation Campaign Targets GutenKit and Hunk Companion

A widespread exploitation campaign ⁣is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote code execution (RCE).

WordPress security firm Wordfence says that it‍ blocked 8.7 million attack attempts against its customers in just​ two days, October​ 8 ⁢and 9.

Understanding the Vulnerabilities

The campaign exploits three flaws, tracked as CVE-2024-9234, CVE-2024-9707, ⁣and CVE-2024-11972, all ‌rated critical (CVSS ‌9.8). These vulnerabilities allow attackers to install arbitrary plugins on vulnerable WordPress sites, perhaps leading to complete site compromise.

CVE-2024-9234 is an unauthenticated REST-endpoint flaw in ⁣the GutenKit⁤ plugin (with 40,000 installs) that allows installing arbitrary⁣ plugins without authentication. ⁢This means anyone can ‌potentially install a malicious plugin on a site using a vulnerable version of GutenKit.

CVE-2024-9707 and CVE-2024-11972 are missing-authorization vulnerabilities in the ‌themehunk-import REST endpoint of the Hunk Companion plugin (8,000 installs) which can also lead to installing arbitrary plugins. Similar to CVE-2024-9234, these ⁣flaws bypass security ⁢checks, allowing unauthorized plugin installations.

An authenticated attacker can leverage these vulnerabilities to introduce another vulnerable plugin that ⁣allows remote code execution. ‌This is a ‍common⁣ tactic in exploit chains, where attackers use ⁢one vulnerability to gain a‍ foothold and then exploit further weaknesses to achieve their ultimate⁢ goal.

Affected Versions

• CVE-2024-9234 affects GutenKit 2.1.0 and earlier
• CVE-2024-9707 ​impacts hunk Companion 1.8.4 and ‌older

Share this:

• Facebook
• X

Related