LONDON (IT BOLTWISE) – A massive wave of attacks is currently threatening WordPress websites worldwide. Hackers exploit critical security holes in the popular GutenKit and Hunk Companion plugins to gain unauthorized access. These vulnerabilities, discovered back in 2024, are now in focus again and demonstrate the ongoing danger of unsecured installations.
The threat landscape for WordPress websites has increased dramatically as hackers have launched a large-scale attack campaign targeting critical vulnerabilities in the widely used GutenKit and Hunk Companion plugins. These vulnerabilities, first discovered in 2024, came into focus again in October 2025, highlighting the ongoing danger posed by unsecured installations.
The attackers exploit incorrect authorization checks in the REST API endpoints of the plugins. These vulnerabilities allow unauthenticated attackers to install malicious plugins and achieve remote code execution without user interaction or authentication. This poses a significant threat to the integrity and security of the affected websites.
The GutenKit plugin, which has over 40,000 active installations, and Hunk Companion, which has around 8,000 users, offer a large attack surface due to their widespread use. Wordfence Threat Response Unit analysts found that attackers began mass exploitation of these vulnerabilities again on October 8, 2025, indicating that threat actors continue to exploit these critical vulnerabilities for large-scale compromise operations.
The Wordfence firewall has already blocked over 8,755,000 exploit attempts targeting these vulnerabilities since the protection rules were implemented. The threat landscape shows an organized attack infrastructure with multiple malicious payloads designed for persistence and lateral movement. The attackers distribute heavily obfuscated backdoors, file managers, and webshells capable of mass defacement, network exploration, and terminal access.
The fundamental vulnerability lies in a critical misconfiguration in the registration of REST API endpoints. Both plugins register permission callbacks that unconditionally return true, so unauthenticated requests are accepted and the access control is effectively disabled entirely. In GutenKit, the vulnerable endpoint gutenkit/v1/install-active-plugin leads to the install_and_activate_plugin_from_external() function, while Hunk Companion provides similar functionality via the hc/v1/themehunk-import endpoint.
Website administrators should immediately update GutenKit to version 2.1.1 and Hunk Companion to version 1.9.0. It is recommended to check the wp-content/plugins and wp-content/upgrade directories for suspicious installations and monitor access logs for requests to the /wp-json/gutenkit/v1/install-active-plugin and /wp-json/hc/v1/themehunk-import endpoints. Additionally, firewall rules should be implemented to limit API access to authenticated users only.
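As an added example (not code from the article or from Wordfence), the log check recommended above as a small Python scanner. It assumes Apache/Nginx "combined" log format, covers both the /wp-json/ form and the /?rest_route= form of the same routes, and runs over constructed sample lines; 2xx POSTs to the install endpoints are flagged separately because they indicate the install path was actually reached, not just probed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoints named in the article; the patched plugin versions restrict them
# to users with the install_plugins capability.
SUSPICIOUS_ENDPOINTS = (
    "/wp-json/gutenkit/v1/install-active-plugin",
    "/wp-json/hc/v1/themehunk-import",
)

# Apache/Nginx "combined" log format (assumption: logs are in this format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (RFC 5737 documentation addresses, not real IoCs).
SAMPLE_LOG = """\
203.0.113.10 - - [08/Oct/2025:10:15:01 +0000] "POST /wp-json/gutenkit/v1/install-active-plugin HTTP/1.1" 200 87 "-" "python-requests/2.31"
203.0.113.10 - - [08/Oct/2025:10:15:03 +0000] "GET /wp-login.php HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.7 - - [08/Oct/2025:10:16:11 +0000] "POST /?rest_route=/hc/v1/themehunk-import HTTP/1.1" 403 0 "-" "curl/8.4.0"
192.0.2.5 - - [08/Oct/2025:10:17:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

def normalize_rest_path(path):
    """Map both /wp-json/<route> and /?rest_route=/<route> onto /wp-json/<route>."""
    base, _, query = path.partition("?")
    for param in query.split("&"):
        if param.startswith("rest_route="):
            return "/wp-json" + unquote(param[len("rest_route="):]).rstrip("/")
    return base.rstrip("/")

def is_exploit_attempt(path):
    """True if the request targets one of the listed endpoints (query string ignored)."""
    route = normalize_rest_path(path)
    return any(route == ep or route.startswith(ep + "/") for ep in SUSPICIOUS_ENDPOINTS)

def scan_access_log(lines):
    """Return {ip: {"attempts": n, "successes": n, "endpoints": set()}} for matching requests."""
    hits = defaultdict(lambda: {"attempts": 0, "successes": 0, "endpoints": set()})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or not is_exploit_attempt(m["path"]):
            continue
        rec = hits[m["ip"]]
        rec["attempts"] += 1
        rec["endpoints"].add(normalize_rest_path(m["path"]))
        # A 2xx answer to a POST means the handler ran; on an unpatched site that
        # is a likely plugin install, so treat the host as potentially compromised.
        if m["method"] == "POST" and m["status"].startswith("2"):
            rec["successes"] += 1
    return dict(hits)
```

A host that shows up with successes > 0 should have its wp-content/plugins and wp-content/upgrade directories reviewed, as the article recommends.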
The post WordPress plugins under attack: security gaps endanger websites worldwide appeared first on Veritas News.