Cybercriminals are targeting the popular WordPress plugin Hunk Companion to install and activate vulnerable plugins from the WordPress.org repository. This lets attackers exploit known flaws in old, unmaintained plugins, opening the door to Remote Code Execution (RCE), SQL Injection, and Cross-Site Scripting (XSS). 🕵️♂️
The flaw, tracked as CVE-2024-11972, was uncovered by WPScan researcher Daniel Rodriguez. It allows anyone, without logging in, to send POST requests that make the site install and activate any plugin from the WordPress.org repository. Attackers have already used it to install and activate a vulnerable version of WP Query Console, a plugin that hadn't been updated in over 7 years. 😱
By exploiting this vulnerability, cybercriminals can:
🚪 Create persistent backdoor access
💻 Execute remote code (RCE) on your WordPress site
📂 Upload malicious files via GET requests
📊 Steal sensitive site data
With over 10,000 active installations, Hunk Companion is widely used to extend ThemeHunk themes. Sites running versions below 1.9.0 are vulnerable. Although version 1.9.0 fixes the issue, over 8,000 sites remain at risk because they have not yet updated. ⏳
If you're using the Hunk Companion plugin, act immediately to secure your site. Here's how:
📥 Update to version 1.9.0 or later: this release fixes CVE-2024-11972.
📛 Deactivate and remove unused plugins: minimize your attack surface, and delete any plugin you did not install yourself (WP Query Console in particular).
🔐 Enable a Web Application Firewall (WAF): block unauthenticated POST requests to the plugin's install endpoint.
🚨 Monitor site activity: use security plugins and your access logs to spot unexpected plugin installs and activations.
🛡️ Penetration testing: get expert security testing from Wire Tor's Pentest Services.
Cybercriminals constantly scan for vulnerable WordPress sites. The longer you delay updating, the more exposed you are to active exploitation campaigns. The lesson is clear: keep your plugins updated and prioritize website security.
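The steps above boil down to two checks you can script: is the installed Hunk Companion version still below 1.9.0, and do your access logs show the unauthenticated install requests or the dropped plugin? The following is an added example (not code from the article, from WPScan, or from the plugin) that does both over constructed sample data. The REST route it matches, `/wp-json/hc/v1/themehunk-import`, is the one named in WPScan's disclosure and is treated here as an assumption you should adjust to what your own logs show; the log lines are made up for the demonstration.

```python
"""Triage helpers for CVE-2024-11972 (Hunk Companion < 1.9.0).

Added example, not the article's or the plugin's own code. It (1) decides
whether an installed Hunk Companion version is in the vulnerable range and
(2) scans access-log lines for the unauthenticated POST requests the attack
relies on, plus any access to the plugin attackers were seen installing.
"""
import re
from typing import Iterable, List, Dict

PATCHED_VERSION = (1, 9, 0)

# REST route of the unauthenticated plugin-install request as named in WPScan's
# disclosure. ASSUMPTION for this example: adjust if your logs differ.
INSTALL_ROUTE = "/wp-json/hc/v1/themehunk-import"
# Directory slug of the plugin observed being dropped in the wild.
DROPPED_PLUGIN_SLUG = "wp-query-console"

# Combined (Apache/nginx) access-log format: ip ident user [ts] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (not real traffic) illustrating one attack run.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Dec/2024:03:14:07 +0000] "POST /wp-json/hc/v1/themehunk-import HTTP/1.1" 200 118 "-" "python-requests/2.31"
198.51.100.4 - - [10/Dec/2024:03:15:30 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 5230 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Dec/2024:03:16:02 +0000] "GET /wp-content/plugins/wp-query-console/readme.txt HTTP/1.1" 200 2210 "-" "python-requests/2.31"
198.51.100.4 - - [10/Dec/2024:03:17:11 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""


def parse_version(text: str) -> tuple:
    """Turn '1.8.5' (or a 'Version: 1.8.5' plugin-header line) into (1, 8, 5).

    Shorter strings are padded with zeros so '1.9' compares as (1, 9, 0).
    """
    m = re.search(r"(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))


def is_vulnerable(version_text: str) -> bool:
    """True when the installed Hunk Companion is older than the 1.9.0 fix."""
    return parse_version(version_text) < PATCHED_VERSION


def scan_access_log(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one finding per request that matches the attack pattern."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        path = m["path"].split("?", 1)[0].rstrip("/")
        if m["method"] == "POST" and path == INSTALL_ROUTE:
            reason = "unauthenticated plugin-install POST"
        elif f"/wp-content/plugins/{DROPPED_PLUGIN_SLUG}/" in m["path"]:
            reason = "access to dropped plugin"
        else:
            continue
        findings.append({"ip": m["ip"], "ts": m["ts"], "path": m["path"],
                         "status": m["status"], "reason": reason})
    return findings


def triage(version_text: str, log_lines: Iterable[str]) -> Dict[str, object]:
    """Combine both checks into a single verdict for a site."""
    findings = scan_access_log(log_lines)
    return {
        "vulnerable_version": is_vulnerable(version_text),
        "findings": findings,
        "suspect_ips": sorted({f["ip"] for f in findings}),
    }


if __name__ == "__main__":
    report = triage("Version: 1.8.5", SAMPLE_LOG.splitlines())
    print("Vulnerable version installed:", report["vulnerable_version"])
    for f in report["findings"]:
        print(f"{f['ts']} {f['ip']} {f['reason']}: {f['path']} -> {f['status']}")
    print("Suspect IPs:", ", ".join(report["suspect_ips"]))
```

Feed the real version line from `wp-content/plugins/hunk-companion/hunk-companion.php` and your actual access log into `triage`. A 200 on the install POST from an IP that never logged in is the signal to look for; a hit on the dropped plugin directory means the install already succeeded and the site should be treated as compromised, not merely patched.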
The exploitation of the Hunk Companion plugin highlights the danger of relying on outdated software: here, a single unauthenticated request turns one unpatched plugin into a foothold for installing others with known RCE flaws. If you're running a WordPress site, update, secure, and monitor it now. Need a second opinion on your site's security? Check out Wire Tor Pentest Services. 🔐
📣 Follow for Pentest Service Updates: https://www.linkedin.com/company/wiretor