WordPress Users Beware: Mass Exploitation of Critical Plugin Flaws
A widespread attack is underway against WordPress sites through critical plugin vulnerabilities. According to Wordfence, threat actors are exploiting three severe bugs in two widely used plugins, potentially affecting tens of thousands of websites.
The bugs make site takeover trivial. Wordfence reports that they affect the GutenKit and Hunk Companion plugins, which together have more than 48,000 active installations. Each vulnerability lets an unauthenticated attacker install and activate an arbitrary plugin on the target site, which is a direct route to remote code execution (RCE): the attacker's "plugin" is simply PHP of their choosing.
The discovery: The flaws were reported through Wordfence's bug bounty program on September 25 and October 3, 2024. Wordfence says its firewall customers received rules that block these attacks; sites that rely neither on those rules nor on the patched plugin versions remain exposed.
The scale of the threat: Wordfence reports blocking 8.8 million exploitation attempts, indicating a large campaign that resumed on October 8. The three Common Vulnerabilities and Exposures (CVEs) being exploited are:
- CVE-2024-9234: An RCE vulnerability with a CVSS score of 9.8 in the GutenKit Page Builder Blocks plugin (all versions up to and including 2.1.0; fixed in 2.1.1). It allows unauthenticated attackers to install and activate plugins, or to upload malicious files disguised as plugins.
- CVE-2024-9707: A critical flaw with a CVSS score of 9.8 in the Hunk Companion plugin for WordPress (all versions up to and including 1.8.4; first addressed in 1.8.5). It lets an unauthenticated attacker install and activate plugins, which becomes RCE when the installed plugin is itself vulnerable or when an outdated one with known exploitable bugs is chosen.
- CVE-2024-11972: A critical bypass of the CVE-2024-9707 fix, also rated CVSS 9.8, in Hunk Companion (all versions up to and including 1.8.5; fixed in 1.9.0). As with the original bug, an unauthenticated attacker can install and activate plugins and reach RCE when a vulnerable plugin is available.
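The vulnerability class behind all three CVEs is a plugin-management action exposed over the WordPress REST API without a capability check. The following is an added, illustrative example and not the source of GutenKit or Hunk Companion: the route names, parameter names and helper function names are hypothetical, and the assumption is only that an install-and-activate endpoint was reachable without `install_plugins` rights. The first registration shows the unsafe shape (anyone who can reach `/wp-json/` can call it, and it accepts an arbitrary package URL); the second shows the hardened form (capability check, slug restricted to the wordpress.org directory, package resolved server-side).

```php
<?php
/**
 * Added example: a REST route that installs and activates a plugin.
 * Not the code of any real plugin; route and function names are hypothetical.
 * Drop into wp-content/mu-plugins/ on a test site to observe both routes.
 */

add_action( 'rest_api_init', function () {
    // VULNERABLE PATTERN: '__return_true' means no authentication and no
    // capability check. An unauthenticated POST with {"url": "https://evil/x.zip"}
    // installs and activates whatever PHP the attacker packaged as a plugin.
    register_rest_route( 'example/v1', '/install-from-url', array(
        'methods'             => 'POST',
        'callback'            => 'example_install_from_url',
        'permission_callback' => '__return_true',
    ) );

    // HARDENED PATTERN: same job, but only users holding install_plugins and
    // activate_plugins may call it, and only a wordpress.org slug is accepted.
    // The REST layer already enforces the cookie nonce for logged-in callers.
    register_rest_route( 'example/v1', '/install-by-slug', array(
        'methods'             => 'POST',
        'callback'            => 'example_install_by_slug',
        'permission_callback' => function () {
            return current_user_can( 'install_plugins' )
                && current_user_can( 'activate_plugins' );
        },
        'args' => array(
            'slug' => array(
                'required'          => true,
                'validate_callback' => function ( $slug ) {
                    // Directory slugs are lowercase alphanumerics and hyphens.
                    return (bool) preg_match( '/^[a-z0-9-]{1,100}$/', $slug );
                },
            ),
        ),
    ) );
} );

/** Loads the upgrader classes, which are not available on front-end requests. */
function example_load_upgrader() {
    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/plugin.php';
    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
}

/** Installs the downloaded package and activates the resulting plugin file. */
function example_install_package( $package_url ) {
    example_load_upgrader();
    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $package_url );
    if ( is_wp_error( $result ) || ! $result ) {
        return new WP_Error( 'install_failed', 'Install failed', array( 'status' => 500 ) );
    }
    $plugin_file = $upgrader->plugin_info();
    $activated   = activate_plugin( $plugin_file );
    if ( is_wp_error( $activated ) ) {
        return $activated;
    }
    return rest_ensure_response( array( 'installed' => $plugin_file, 'active' => true ) );
}

/** Vulnerable callback: trusts a caller-supplied URL as the package source. */
function example_install_from_url( WP_REST_Request $request ) {
    return example_install_package( esc_url_raw( $request->get_param( 'url' ) ) );
}

/** Hardened callback: resolves the package through the wordpress.org API. */
function example_install_by_slug( WP_REST_Request $request ) {
    example_load_upgrader();
    $slug = sanitize_key( $request->get_param( 'slug' ) );
    $api  = plugins_api( 'plugin_information', array(
        'slug'   => $slug,
        'fields' => array( 'sections' => false ),
    ) );
    if ( is_wp_error( $api ) ) {
        return new WP_Error( 'not_found', 'Unknown plugin slug', array( 'status' => 404 ) );
    }
    return example_install_package( $api->download_link );
}
```

Note that the capability check belongs in `permission_callback`, not inside the handler: WordPress evaluates it before the request body is processed, and a missing or permissive `permission_callback` is exactly the shape that static scanners and Wordfence's own reviews flag. Restricting the package source to a directory slug is a second, independent control, so that even an authenticated administrator cannot be tricked into pulling a ZIP from an attacker-controlled host.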
The impact: These vulnerabilities give threat actors a direct path to compromise. By installing a plugin that contains their own PHP, or uploading PHP disguised as one, attackers execute code on the server and can hijack the site, steal data or deface it.
Mitigation: Wordfence has published the attacking IP addresses and domains it observed so that defenders can block them and hunt for past contact. Blocklists lag the attackers, though, so the real fix is to update GutenKit and Hunk Companion to patched versions and to apply plugin updates promptly in general. Because the exploit installs extra plugins, patching alone does not clean an already compromised site: review the installed plugin list (wp-admin, or `wp plugin list` with WP-CLI) for anything unexpected and remove it.
The uncomfortable question is whether WordPress site owners are doing enough. The affected plugins had patches available long before the campaign peaked, yet tens of thousands of installations were still exposed. What would get the WordPress community to apply updates faster? Share your thoughts in the comments below.