Ethical Hacking News
Wordfence has successfully blocked 8.7 million attacks exploiting vulnerabilities in GutenKit and Hunk Companion plugins, highlighting the need for prompt updates and security measures to prevent similar incidents.
Wordfence blocked 8.7 million attacks on the GutenKit and Hunk Companion WordPress plugins. The exploited flaws, CVE-2024-9234 (CVSS score of 9.8) and CVE-2024-9707 (and CVE-2024-11972), allow unauthenticated attackers to install arbitrary plugins. Attackers used them to install malicious plugins containing obfuscated backdoors, file managers, and a PDF-headed vv.php carrying malicious payloads. The attacks resumed on October 8th-9th, 2025, a year after the vulnerabilities were disclosed. Wordfence's researchers emphasized the importance of keeping plugins updated and configuring Wordfence to scan suspicious plugin directories.
Wordfence, a leading cybersecurity firm, has successfully blocked 8.7 million attacks exploiting vulnerabilities in the popular WordPress plugins GutenKit and Hunk Companion. The latest wave of attacks, which began on October 8th-9th, 2025, was carried out by threat actors seeking to install malicious plugins on compromised websites.
The vulnerabilities in question are CVE-2024-9234 (CVSS score of 9.8) and CVE-2024-9707 (and CVE-2024-11972, CVSS score of 9.8), all of which allow unauthenticated attackers to install arbitrary plugins. Requests to the GutenKit plugin's REST endpoint for its install-active-plugin action allowed attackers to fetch a malicious ZIP file from GitHub containing obfuscated backdoors, file managers, and a PDF-headed vv.php with malicious payloads.
According to Wordfence researchers, the attack data showed mass exploitation attempts against both GutenKit and Hunk Companion. In the GutenKit case, attackers sent requests to the plugin's REST endpoint to invoke its install-active-plugin action, which fetched the malicious ZIP from GitHub and installed it under the plugin slug "up"; the archive held the obfuscated backdoors, file managers, and PDF-headed vv.php with malicious payloads described above.
A closer look at the attack data revealed that the attackers were attempting to install plugins with embedded malicious PHP code onto websites. The researchers observed that the attacks resumed on October 8th-9th, 2025, a year after the vulnerabilities were disclosed.
The Wordfence Firewall has already blocked over 8,755,000 exploit attempts targeting these vulnerabilities. The company's researchers emphasized the importance of keeping plugins updated and configuring Wordfence to scan the /wp-content/plugins/ and /wp-content/upgrade/ directories for any suspicious or unknown plugin directories.
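The directory check the researchers recommend can be scripted as a simple detector, shown here as an added example that is not Wordfence's code: it walks /wp-content/plugins/ and /wp-content/upgrade/, flags plugin directories outside an allowlist (the "up" slug from the article is treated as known-bad), and flags .php files that open with a PDF header yet contain a PHP tag, the disguise described for vv.php. The allowlist and the sample plugin tree are constructed assumptions for the demo.

```python
import tempfile
from pathlib import Path

# "up" is the slug the article reports; the allowlist and the sample tree
# below are constructed for this example, not taken from Wordfence.
KNOWN_BAD_SLUGS = {"up"}

def is_pdf_headed_php(path: Path, probe: int = 4096) -> bool:
    """.php file opening with the PDF magic yet carrying a PHP tag (the vv.php disguise)."""
    try:
        head = path.read_bytes()[:probe]
    except OSError:
        return False
    return head.startswith(b"%PDF") and b"<?php" in head

def scan_wp_content(wp_content: Path, expected_slugs: set) -> list:
    """Walk plugins/ and upgrade/, flag unknown slugs and disguised PHP files."""
    findings = []
    for sub in ("plugins", "upgrade"):
        base = wp_content / sub
        if not base.is_dir():
            continue
        for entry in sorted(base.iterdir()):
            if not entry.is_dir():
                continue
            if entry.name in KNOWN_BAD_SLUGS:
                findings.append((entry.name, "known attacker plugin slug"))
            elif entry.name not in expected_slugs:
                findings.append((entry.name, "plugin slug not in allowlist"))
            for php in sorted(entry.rglob("*.php")):
                if is_pdf_headed_php(php):
                    findings.append((php.name, "PHP file with %PDF header"))
    return findings

def build_sample_tree(root: Path) -> Path:
    """Constructed fixture: one legitimate plugin plus an 'up' dir with a harmless vv.php."""
    wp = root / "wp-content"
    (wp / "plugins" / "akismet").mkdir(parents=True)
    (wp / "plugins" / "akismet" / "akismet.php").write_text("<?php // legitimate\n")
    (wp / "plugins" / "up").mkdir()
    (wp / "plugins" / "up" / "vv.php").write_bytes(b"%PDF-1.4\n<?php echo 'constructed'; ?>\n")
    return wp

def run_demo() -> list:
    with tempfile.TemporaryDirectory() as tmp:
        return scan_wp_content(build_sample_tree(Path(tmp)), {"akismet"})

if __name__ == "__main__":
    print(run_demo())
```

On a real site, point scan_wp_content at the live wp-content directory and fill expected_slugs from the plugin list you actually deployed; any slug the allowlist does not cover deserves a manual look.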
To prevent similar attacks in the future, it is essential to stay vigilant and take proactive measures to secure WordPress websites. Regularly updating plugins and using reputable security solutions like Wordfence can help mitigate the risk of such vulnerabilities being exploited.
In conclusion, this incident highlights the importance of regular updates, patching, and proper configuration of WordPress plugins and other software applications to prevent exploitation of known vulnerabilities.
Related Information:
https://www.ethicalhackingnews.com/articles/87-Million-Attacks-Foiled-Wordfence-Battles-Vulnerabilities-in-GutenKit-and-Hunk-Companion-Plugins-ehn.shtml
https://securityaffairs.com/183876/uncategorized/wordfence-blocks-8-7m-attacks-exploiting-old-gutenkit-and-hunk-companion-flaws.html
https://nvd.nist.gov/vuln/detail/CVE-2024-9234
https://www.cvedetails.com/cve/CVE-2024-9234/
https://nvd.nist.gov/vuln/detail/CVE-2024-9707
https://www.cvedetails.com/cve/CVE-2024-9707/
https://nvd.nist.gov/vuln/detail/CVE-2024-11972
https://www.cvedetails.com/cve/CVE-2024-11972/
Published: Mon Oct 27 11:10:19 2025 by llama3.2 3B Q4_K_M