Wordfence Blocks 8.7M Attacks Targeting Old GutenKit and Hunk Companion Vulnerabilities

Urgent Security Alert: Massive Attack Wave Targets Two Popular WordPress Plugins

A massive, automated attack campaign is currently targeting millions of WordPress websites by exploiting known vulnerabilities in two popular plugins: GutenKit – Template & Block Builder and Hunk Companion. Security experts have tracked a staggering 8.7 million attack attempts originating from over 27,000 different IP addresses, highlighting the widespread and persistent nature of this threat.

This ongoing campaign underscores a critical lesson in website security: old, patched vulnerabilities can be just as dangerous as new ones if proper maintenance is neglected.

The Vulnerabilities Under Attack

The attackers are focusing their efforts on two specific, high-severity flaws that the plugin developers fixed in earlier releases. If your site is still running an unpatched version, it is critically exposed.

  • GutenKit – Template & Block Builder: The campaign targets a Function Injection vulnerability present in versions 1.5.8 and below. This flaw allows attackers to execute arbitrary code on your server, essentially giving them complete control over your website.
  • Hunk Companion: A nearly identical Function Injection vulnerability affects versions 2.5.5 and below. Like the GutenKit flaw, this provides a direct path for attackers to compromise a site, upload malicious files, and create backdoors.

The primary goal of these attacks is to achieve a full site takeover. Once compromised, attackers can inject malware, steal sensitive data, redirect your traffic to malicious sites, or use your server to launch further attacks.

How the Attack Works

The attacks exploit a weakness in how the plugins handle certain requests through WordPress’s REST API. By crafting a specific malicious request, an unauthenticated attacker—meaning anyone on the internet—can trick the plugin into executing harmful commands on the server.

This type of vulnerability is particularly dangerous because it is easy to automate and requires no prior access to the targeted website. Attackers use bots to scan the web for sites running the vulnerable plugin versions and launch their attacks automatically and relentlessly.

How to Protect Your WordPress Site: An Actionable Guide

The good news is that protecting your site from this specific campaign is straightforward. The vulnerabilities have been patched by the plugin developers. Your immediate action is required to ensure your site is secure.

1. Update Your Plugins Immediately

This is the most critical step. If you are using either of these plugins, navigate to your WordPress dashboard right now and check your version numbers.

  • For GutenKit, ensure you are running version 1.5.9 or higher.
  • For Hunk Companion, ensure you are running version 2.5.6 or higher.

Do not delay these updates. Given the volume of attacks, it is not a matter of if your vulnerable site will be targeted, but when.
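A small checker for this step, added here as an example and not code from the article or from Wordfence: it reads the `Version:` field from each plugin's header file under `wp-content/plugins`, compares it numerically against the minimum patched releases the article names (GutenKit 1.5.9, Hunk Companion 2.5.6), and flags anything older. The plugin directory names `gutenkit-blocks-addon` and `hunk-companion` are assumed, and the sample plugin files it writes are constructed so the script runs offline; on a real site, point `audit_plugins` at your `wp-content/plugins` directory instead of calling `demo()`.

```python
"""Flag installed WordPress plugins that are below the patched versions.

Added example (not the article's or Wordfence's code). Plugin directory
names are assumed; the minimum safe versions are the ones the advisory states.
"""
import re
import tempfile
from pathlib import Path

# Minimum patched releases from the article, keyed by the plugin's
# directory name under wp-content/plugins (directory names are assumptions).
MIN_SAFE = {
    "gutenkit-blocks-addon": (1, 5, 9),   # GutenKit – Template & Block Builder
    "hunk-companion": (2, 5, 6),          # Hunk Companion
}

# Matches the "Version:" line of a WordPress plugin header comment block.
HEADER_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9A-Za-z.\-]*)",
                       re.MULTILINE | re.IGNORECASE)


def parse_version(text):
    """Turn '1.5.10' into (1, 5, 10) so 1.5.10 sorts after 1.5.9.
    A non-numeric suffix such as '2.5.5-beta' keeps its numeric prefix."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def compare(a, b):
    """Compare two version tuples, padding with zeros so 1.6 == 1.6.0."""
    n = max(len(a), len(b))
    a = a + (0,) * (n - len(a))
    b = b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def plugin_version_from_header(php_source):
    """Extract the Version: field from a plugin's main PHP file, or None."""
    m = HEADER_RE.search(php_source)
    return m.group(1) if m else None


def check_plugin(slug, installed):
    """Return 'patched', 'VULNERABLE' or 'unknown' for one plugin."""
    if slug not in MIN_SAFE or installed is None:
        return "unknown"
    ok = compare(parse_version(installed), MIN_SAFE[slug]) >= 0
    return "patched" if ok else "VULNERABLE"


def audit_plugins(plugin_dir):
    """Walk a wp-content/plugins style directory and classify each plugin."""
    results = {}
    for sub in sorted(Path(plugin_dir).iterdir()):
        if not sub.is_dir():
            continue
        version = None
        for php in sorted(sub.glob("*.php")):
            version = plugin_version_from_header(php.read_text(errors="replace"))
            if version:
                break
        results[sub.name] = (version, check_plugin(sub.name, version))
    return results


def demo():
    """Build a constructed plugins directory and audit it (sample data only)."""
    samples = {  # constructed plugin headers, not real plugin files
        "gutenkit-blocks-addon": "1.5.8",   # below 1.5.9 -> VULNERABLE
        "hunk-companion": "2.5.6",          # exactly the patched release
        "unrelated-plugin": "3.0.1",        # not in scope -> unknown
    }
    with tempfile.TemporaryDirectory() as tmp:
        for slug, ver in samples.items():
            d = Path(tmp) / slug
            d.mkdir()
            (d / f"{slug}.php").write_text(
                f"<?php\n/**\n * Plugin Name: {slug}\n * Version: {ver}\n */\n")
        return audit_plugins(tmp)


if __name__ == "__main__":
    for slug, (ver, status) in demo().items():
        print(f"{slug:24} {ver or '?':10} {status}")
```

Numeric comparison matters here: a plain string comparison would rank `1.5.10` below `1.5.9` and wrongly report a patched install as vulnerable.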

2. Implement a Web Application Firewall (WAF)

A quality WAF is an essential layer of modern website security. It acts as a shield, inspecting incoming traffic and blocking malicious requests before they can even reach your website and exploit a vulnerable plugin. A properly configured WAF can provide protection even if you are slow to patch a known flaw, effectively creating a virtual patch for your site.

3. Conduct a Security Audit

If you suspect you may have been running an outdated version of these plugins, it is wise to perform a security audit.

  • Scan for malicious files: Use a reputable security plugin to scan your website’s files and database for malware, backdoors, and other indicators of compromise.
  • Check for rogue users: Review your WordPress user list, paying close attention to any administrator accounts you do not recognize. Attackers often create their own admin accounts to maintain access.
  • Review core file integrity: Ensure that your WordPress core files have not been modified.
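The second and third audit items above can be scripted. The example below is added here and is not code from the article or from Wordfence: it parses the PHP-serialised `wp_capabilities` value that WordPress stores in `wp_usermeta` to find administrator accounts that are not on your allow-list, and it compares core files against a checksum manifest, reporting modified files, missing files, and PHP files under `wp-admin`/`wp-includes` that the manifest does not know about. The user rows and the manifest are constructed sample data; on a real site you would feed it the rows from `wp_users`/`wp_usermeta` (for instance via WP-CLI `wp user list`) and the official checksums for your installed WordPress version.

```python
"""Audit helpers: unrecognised administrators and modified core files.

Added example (not the article's code). Sample users and the checksum
manifest are constructed; plug in real data from the database and the
official checksums for your WordPress version.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# wp_usermeta stores roles as a PHP-serialised array such as
#   a:1:{s:13:"administrator";b:1;}
# This pulls every role name whose flag is true.
ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')


def roles_from_capabilities(serialized):
    """Return the set of roles enabled in a wp_capabilities value."""
    return set(ROLE_RE.findall(serialized or ""))


def find_unrecognized_admins(users, known_admins):
    """users: dicts with user_login, user_registered, wp_capabilities.
    Returns administrator logins not on the allow-list, newest first."""
    rogue = []
    for u in users:
        roles = roles_from_capabilities(u.get("wp_capabilities"))
        if "administrator" in roles and u["user_login"] not in known_admins:
            rogue.append((u["user_registered"], u["user_login"]))
    return [login for _, login in sorted(rogue, reverse=True)]


def md5_file(path):
    """MD5 of a file, read in chunks (WordPress core checksums are MD5)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_core_files(root, manifest):
    """Compare files under root against manifest {relative_path: md5}.
    Also lists PHP files in core directories that the manifest lacks,
    a common place for dropped backdoors to hide."""
    root = Path(root)
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, expected in sorted(manifest.items()):
        p = root / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif md5_file(p) != expected:
            report["modified"].append(rel)
    for sub in ("wp-admin", "wp-includes"):
        for p in sorted((root / sub).rglob("*.php")):
            rel = p.relative_to(root).as_posix()
            if rel not in manifest:
                report["unexpected"].append(rel)
    return report


USERS = [  # constructed sample rows (wp_users joined with wp_capabilities)
    {"user_login": "alice", "user_registered": "2023-01-10 09:00:00",
     "wp_capabilities": 'a:1:{s:13:"administrator";b:1;}'},
    {"user_login": "bob", "user_registered": "2024-03-05 12:30:00",
     "wp_capabilities": 'a:1:{s:6:"editor";b:1;}'},
    {"user_login": "wp_support_admin", "user_registered": "2025-10-20 03:14:07",
     "wp_capabilities": 'a:1:{s:13:"administrator";b:1;}'},
]
KNOWN_ADMINS = {"alice"}  # the administrators you actually created


def demo():
    """Run both checks on constructed data; returns (rogue_admins, file_report)."""
    rogue = find_unrecognized_admins(USERS, KNOWN_ADMINS)
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        good = {  # constructed stand-ins for core files and their manifest
            "wp-includes/version.php": b"<?php $wp_version = 'x.y';\n",
            "wp-admin/admin.php": b"<?php // core admin bootstrap\n",
        }
        for rel, body in good.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(body)
        manifest = {rel: hashlib.md5(b).hexdigest() for rel, b in good.items()}
        # Simulate what an audit should catch: an altered core file and a
        # stray PHP file that is not part of the manifest.
        (root / "wp-includes/version.php").write_bytes(
            good["wp-includes/version.php"] + b"/* altered */\n")
        (root / "wp-includes/class-wp-helper.php").write_bytes(
            b"<?php // not part of core\n")
        report = verify_core_files(root, manifest)
    return rogue, report


if __name__ == "__main__":
    rogue, report = demo()
    print("unrecognised administrators:", rogue)
    print("core file report:", report)
```

Treat an unexpected PHP file in a core directory as seriously as a modified one: the manifest check only proves known files are intact, so the extra-file pass is what catches a dropped backdoor.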

This widespread attack campaign is a stark reminder that proactive security management is not optional. Regular updates, strong security protocols, and constant vigilance are the keys to keeping your digital assets safe from ever-evolving threats.

Source: https://securityaffairs.com/183876/uncategorized/wordfence-blocks-8-7m-attacks-exploiting-old-gutenkit-and-hunk-companion-flaws.html