**Urgent Security Alert: Hunk Companion Plugin Exploited in Massive WordPress Attack**
WordPress site owners are urged to take immediate action following the discovery of a critical vulnerability in the popular Hunk Companion plugin. Identified as CVE-2024-11972, this security flaw has been actively exploited by attackers to install malicious plugins, enabling remote code execution (RCE) attacks on over 10,000 websites.
The Hunk Companion plugin, widely used to enhance website functionality and design, has inadvertently provided cybercriminals with a gateway to infiltrate WordPress sites. By exploiting this vulnerability, attackers can silently install flawed or malicious plugins without the site owner’s knowledge. This allows them to execute arbitrary code, potentially leading to complete control over the affected websites.
Remote code execution is one of the most dangerous types of cyber attacks, as it enables unauthorised users to run any command on a target system. This can result in severe consequences, including data breaches, defacement of websites, and the distribution of malware to site visitors.
Security experts are emphasising the urgency of this situation. If your website utilises the Hunk Companion plugin, it is imperative to update it immediately or consider disabling it until a patch is released. Additionally, it’s advisable to review all installed plugins for any unfamiliar or suspicious entries and ensure that your WordPress installation, themes, and other plugins are up to date.
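One way to carry out the plugin review advised above, as an added example that is not from the original article or from the plugin's authors: a Python script that reads the plugin headers found on disk and reports anything missing from an approved baseline. The baseline, the `hunk-companion` directory name, the version strings and the sample tree are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path
# WordPress reads plugin metadata from a comment header in the first 8 KiB of a PHP file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def read_header(php_file):
    """Return the header fields of a plugin file, or {} if it is not a plugin."""
    text = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    fields = {key.lower(): value.strip() for key, value in HEADER.findall(text)}
    return fields if "plugin name" in fields else {}

def installed_plugins(plugins_dir):
    """Map slug -> header fields for every plugin on disk, active or not."""
    found = {}
    for entry in sorted(Path(plugins_dir).iterdir()):
        # Directory plugins keep their main file one level down; single-file plugins sit in plugins/.
        files = sorted(entry.iterdir()) if entry.is_dir() else [entry]
        for php in (f for f in files if f.is_file() and f.suffix == ".php"):
            fields = read_header(php)
            if fields:
                found[entry.name if entry.is_dir() else entry.stem] = fields
                break
    return found

def audit(plugins_dir, approved):
    """Compare on-disk plugins with an approved {slug: version} baseline."""
    findings = []
    for slug, fields in installed_plugins(plugins_dir).items():
        version = fields.get("version", "")
        if slug not in approved:
            findings.append((slug, "not in baseline", version))
        elif approved[slug] != version:
            findings.append((slug, "version differs from baseline", version))
    return findings

def build_sample_tree(root):
    """Constructed sample data: one approved plugin and one nobody approved."""
    for slug, name, version in [("hunk-companion", "Hunk Companion", "0.0.0-sample"),
                                ("example-unknown-plugin", "Example Unknown", "1.0")]:
        (Path(root) / slug).mkdir()
        header = f"<?php\n/*\n * Plugin Name: {name}\n * Version: {version}\n */\n"
        (Path(root) / slug / f"{slug}.php").write_text(header)
    (Path(root) / "index.php").write_text("<?php // Silence is golden.\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(audit(tmp, {"hunk-companion": "0.0.0-sample"}))
```

On a live site, point `audit` at the real `wp-content/plugins` directory and keep the baseline under version control so that any plugin added outside the normal change process shows up as a finding.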
This incident highlights the critical importance of regular website maintenance and security vigilance. Staying informed about plugin updates and being proactive in applying patches can significantly reduce the risk of such vulnerabilities being exploited.
Protect your website and your users by acting now to address this serious security threat.
Source: WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Malicious Plugins
Author: The Hacker News