THE CORTEX PROTOCOL
🏠Home🚨Threats🧩Patches📚Books🎬Mission Logs
🔴 HIGHalert

Hackers Launch Mass Attacks Exploiting Outdated WordPress Plugins

Category:Threats / Web Security
A widespread exploitation campaign targets WordPress websites running outdated GutenKit and Hunk Companion plugins, leveraging CVE-2024-9234, CVE-2024-9707, and CVE-2024-11972 to achieve remote code execution. Wordfence reports blocking 8.7 million attack attempts in two days, with attackers using malicious plugin packages to gain administrative access and persistence.

🎯CORTEX Protocol Intelligence Assessment

Business Impact: High exposure for organizations running outdated WordPress components. Technical Context: Exploitation enables unauthenticated RCE and persistent backdoor deployment via REST API endpoints.

Strategic Intelligence Guidance

  • Update GutenKit and Hunk Companion plugins immediately.
  • Search for indicators of compromise in /wp-json/gutenkit and /wp-json/hc endpoints.
  • Review WordPress installations for unauthorized plugin uploads.
  • Harden CMS configurations and implement web application firewalls.

CVEs

CVE-2024-9234CVE-2024-9707CVE-2024-11972

Vendors

WordPressThemeHunk

Threats

RCE Campaign

Targets

CMS PlatformsWebsite Owners

Tags

#wordpress#rce#cms#cve#mass-attack
Intelligence Source: Hackers launch mass attacks exploiting outdated WordPress plugins | Oct 25, 2025
More stories in CMS Exploits