WordPress Plugin Vulnerability Allows Hackers to Install Malicious Code

Bijay Pokharel, December 12, 2024 0 1 min read

A critical vulnerability in the “Hunk Companion” WordPress plugin is being actively exploited by hackers.

This flaw allows attackers to remotely install other plugins, including those with known vulnerabilities, directly from the WordPress.org repository.

Security researchers at WPScan discovered the vulnerability (CVE-2024-11972), which affects all versions of Hunk Companion before 1.9.0. The plugin, used by over 10,000 WordPress websites, is designed to enhance the functionality of themes developed by ThemeHunk.

Attackers Leverage Vulnerability to Install Malicious Plugins

By exploiting this vulnerability, attackers can install outdated plugins with known security flaws, such as WP Query Console, which contains a remote code execution (RCE) vulnerability (CVE-2024-50498). This allows attackers to gain control over the website, potentially enabling them to steal data, inject malicious code, and create backdoors for future access.

Website owners using the Hunk Companion plugin are urged to update to version 1.9.0 or later immediately to patch this critical vulnerability and mitigate the risk of exploitation.

READ

UnitedHealth Confirms Ransomware Attack Affected 190 Million Americans, Nearly Doubling Earlier Estimates

CYBER SECURITY

Chinese Law Enforcement Suspected of Using "EagleMsgSpy" for Mobile Surveillance

IT NEWS & UPDATES

ChatGPT is Down, OpenAI Working on Resolution

Bijay Pokharel

Bijay Pokharel is the creator and owner of Abijita.com. He is a freelance technology writer focusing on all things pertaining to Cyber Security. The topics he writes about include malware, vulnerabilities, exploits, internet defense, women's safety and privacy, as well as research and innovation in information security. He is a tech enthusiast, keen learner, rational and cool person in his professional activities and challenges.

Subscribe

Cybersecurity Newsletter

You have Successfully Subscribed!

Recent Posts

OpenAI Unveils ChatGPT Gov for Secure Government AI Use

X Money to Launch in 2025 With Visa as First Payments Partner

Google Play Introduces Verification Badge for VPN Apps to Boost Security

U.S. Navy Bans Chinese AI DeepSeek Over Security Concerns

EU Sanctions Russian Hackers Over Cyberattacks on Estonia’s Government

Apple Releases Security Updates to Address Actively Exploited Zero-Day Vulnerability

Subscribe

Cybersecurity Newsletter

You have Successfully Subscribed!

SIGN UP FOR NEWSLETTERS

Please confirm your email address.

Subscribe

Cybersecurity Newsletter

You have Successfully Subscribed!

WordPress Plugin Vulnerability Allows Hackers to Install Malicious Code

Bijay Pokharel

Related posts

Global Investigation Shuts Down Major Phishing-as-a-Service Platform, LabHost

Hacker Steals Source Code Of LastPass

Hackers Used Google Ads To Steal Cryptocurrencies Worth $500K

Duolingo Users’ Data Leaked on Hacking Forum

Insurer Fined $3M for Exposing Data of 650K Clients for Two Years

Law Enforcement Strikes LockBit Ransomware Network with Arrests and Sanctions

Leave a Reply Cancel reply

Recent Posts

OpenAI Unveils ChatGPT Gov for Secure Government AI Use

X Money to Launch in 2025 With Visa as First Payments Partner

Google Play Introduces Verification Badge for VPN Apps to Boost Security

U.S. Navy Bans Chinese AI DeepSeek Over Security Concerns

EU Sanctions Russian Hackers Over Cyberattacks on Estonia’s Government

Apple Releases Security Updates to Address Actively Exploited Zero-Day Vulnerability

Subscribe

Cybersecurity Newsletter

You have Successfully Subscribed!

SIGN UP FOR NEWSLETTERS

Please confirm your email address.