Hunk Companion, WP Query Console Vulnerabilities Chained to Hack WordPress Sites

December 12, 2024 at 05:30AM Threat actors are exploiting vulnerabilities in the Hunk Companion and WP Query Console WordPress plugins for backdoor access to websites. The Hunk Companion flaw (CVE-2024-9707) allows unauthorized plugin installation, while WP Query Console (CVE-2024-50498) poses a remote code execution risk. Administrators should update to Hunk Companion version 1.9.0 immediately.

WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

December 12, 2024 at 05:15AM A critical vulnerability (CVE-2024-11972, CVSS 9.8) in the Hunk Companion WordPress plugin allows attackers to install malicious plugins, risking remote code execution and other exploits. The flaw affects all versions of the plugin prior to 1.9.0; the plugin has over 10,000 installations. A related vulnerability in WPForms also poses risks.