/*! elementor-pro - v3.26.0 - 17-12-2024 */
(()=>{"use strict";class Screenshot extends elementorModules.ViewModule{getDefaultSettings(){return{empty_content_headline:"Empty Content.",crop:{width:1200,height:1500},excluded_external_css_urls:["https://kit-pro.fontawesome.com"],external_images_urls:["https://i.ytimg.com"],timeout:15e3,render_timeout:5e3,timerLabel:null,timer_label:`${ElementorScreenshotConfig.post_id} - timer`,image_placeholder:"data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=",isDebug:elementorCommonConfig.isElementorDebug,isDebugSvg:!1,...ElementorScreenshotConfig}}getDefaultElements(){const e=jQuery(ElementorScreenshotConfig.selector),t=e.find(".elementor-section-wrap > .elementor-section, .elementor > .elementor-section");return{$elementor:e,$sections:t,$firstSection:t.first(),$notElementorElements:elementorCommon.elements.$body.find("> *:not(style, link)").not(e),$head:jQuery("head")}}onInit(){return super.onInit(),this.log("Screenshot init","time"),this.timeoutTimer=setTimeout(this.screenshotFailed.bind(this),this.getSettings("timeout")),this.captureScreenshot()}captureScreenshot(){return this.elements.$elementor.length||(elementorCommon.helpers.consoleWarn("Screenshots: The content of this page is empty, the module will create a fake conent just for this screenshot."),this.createFakeContent()),this.removeUnnecessaryElements(),this.handleIFrames(),this.removeFirstSectionMargin(),this.handleLinks(),this.loadExternalCss(),this.loadExternalImages(),Promise.resolve().then(this.createImage.bind(this)).then(this.createImageElement.bind(this)).then(this.cropCanvas.bind(this)).then(this.save.bind(this)).then(this.screenshotSucceed.bind(this)).catch(this.screenshotFailed.bind(this))}createFakeContent(){this.elements.$elementor=jQuery("<div>").css({height:this.getSettings("crop.height"),width:this.getSettings("crop.width"),display:"flex",alignItems:"center",justifyContent:"center"}),this.elements.$elementor.append(jQuery("<h1>").css({fontSize:"85px"}).html(this.getSettings("empty_content_headline"))),document.body.prepend(this.elements.$elementor)}loadExternalCss(){const e=[this.getSettings("home_url"),...this.getSettings("excluded_external_css_urls")].map((e=>`[href^="${e}"]`)).join(", ");jQuery("link").not(e).each(((e,t)=>{const s=jQuery(t),n=s.clone();n.attr("href",this.getScreenshotProxyUrl(s.attr("href"))),this.elements.$head.append(n),s.remove()}))}loadExternalImages(){const e=this.getSettings("external_images_urls").map((e=>`img[src^="${e}"]`)).join(", ");jQuery(e).each(((e,t)=>{const s=jQuery(t);s.attr("src",this.getScreenshotProxyUrl(s.attr("src")))}))}handleIFrames(){this.elements.$elementor.find("iframe").each(((e,t)=>{const s=jQuery(t),n=jQuery("<div />",{css:{background:"gray",width:s.width(),height:s.height()}});s.before(n),s.remove()}))}removeUnnecessaryElements(){let e=0;this.elements.$sections.filter(((t,s)=>{let n=!1;return e>=this.getSettings("crop.height")&&(n=!0),e+=jQuery(s).outerHeight(),n})).each(((e,t)=>{t.remove()})),this.elements.$notElementorElements.remove()}handleLinks(){elementorCommon.elements.$body.find("a").attr("href","/")}removeFirstSectionMargin(){this.elements.$firstSection.css({marginTop:0})}createImage(){const e=new Promise((e=>{window.addEventListener("load",(()=>{e()}))})),t=new Promise((e=>{setTimeout((()=>{e()}),this.getSettings("render_timeout"))}));return Promise.race([e,t]).then((()=>{if(this.log("Start creating screenshot."),this.getSettings("isDebugSvg"))return domtoimage.toSvg(document.body,{imagePlaceholder:this.getSettings("image_placeholder")}).then((e=>this.download(e))),Promise.reject("Debug SVG.");return/^((?!chrome|android).)*safari/i.test(window.userAgent)?(this.log('Creating screenshot with "html2canvas"'),html2canvas(document.body).then((e=>e.toDataURL("image/png")))):(this.log('Creating screenshot with "dom-to-image"'),domtoimage.toPng(document.body,{imagePlaceholder:this.getSettings("image_placeholder")}))}))}download(e){const t=jQuery("<a/>",{href:e,download:"debugSvg.svg",html:"Download SVG"});elementorCommon.elements.$body.append(t),t.trigger("click")}createImageElement(e){const t=new Image;return t.src=e,new Promise((e=>{t.onload=()=>e(t)}))}cropCanvas(e){const t=this.getSettings("crop.width"),s=this.getSettings("crop.height"),n=document.createElement("canvas"),i=n.getContext("2d"),o=t/e.width;return n.width=t,n.height=s>e.height?e.height:s,i.drawImage(e,0,0,e.width,e.height,0,0,e.width*o,e.height*o),Promise.resolve(n)}save(e){return new Promise(((t,s)=>{elementorCommon.ajax.addRequest("screenshot_save",{data:{post_id:this.getSettings("post_id"),screenshot:e.toDataURL("image/png")},success:e=>{this.log(`Screenshot created: ${encodeURI(e)}`),t(e)},error:()=>{this.log("Failed to create screenshot."),s()}})}))}markAsFailed(){return new Promise(((e,t)=>{elementorCommon.ajax.addRequest("screenshot_failed",{data:{post_id:this.getSettings("post_id")},success:()=>{this.log("Marked as failed."),e()},error:()=>{this.log("Failed to mark this screenshot as failed."),t()}})}))}getScreenshotProxyUrl(e){return`${this.getSettings("home_url")}?screenshot_proxy&nonce=${this.getSettings("nonce")}&href=${e}`}screenshotSucceed(e){this.screenshotDone(!0,e)}screenshotFailed(e){this.log(e,null),this.markAsFailed().then((()=>this.screenshotDone(!1)))}screenshotDone(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:null;clearTimeout(this.timeoutTimer),this.timeoutTimer=null,window.parent.postMessage({name:"capture-screenshot-done",success:e,id:this.getSettings("post_id"),imageUrl:t},"*"),this.log(`Screenshot ${e?"Succeed":"Failed"}.`,"timeEnd")}log(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"timeLog";this.getSettings("isDebug")&&(console.log("string"==typeof e?`${this.getSettings("post_id")} - ${e}`:e),t&&console[t](this.getSettings("timer_label")))}}jQuery((()=>{new Screenshot}))})();{"id":919,"date":"2024-12-12T17:06:58","date_gmt":"2024-12-12T17:06:58","guid":{"rendered":"https:\/\/thetach.com\/?p=919"},"modified":"2024-12-12T17:06:59","modified_gmt":"2024-12-12T17:06:59","slug":"wordpress-hunk-companion-plugin-exploited-to-stealthily-install-risky-plugins","status":"publish","type":"post","link":"https:\/\/thetach.com\/?p=919","title":{"rendered":"WordPress Hunk Companion Plugin Exploited to Stealthily Install Risky Plugins"},"content":{"rendered":"\n<p>The <strong>WordPress Hunk Companion Plugin<\/strong> has been recently targeted by<strong> cyber attackers<\/strong> who used a critical hole to upload insecure versions of plugins secretly. This paragon of security breach has raised eyebrows within WordPressers since it opens websites to high risks. Hackers have abused this vulnerability to inject, for example, plugins beyond those recognized properly with exploitable bugs resulting in <strong>data leakage<\/strong>, <strong>website cracking<\/strong>, or total system compromise. The specific exploit exploitation of a vulnerability allows the execution of arbitrary code and direct installation of the plugin from the <strong>WordPress.org<\/strong> repository. These risky plugins may be out of date or in other words no longer under active development, limiting their security. Such activity is counterproductive and poses a huge threat to <strong>WordPress website security<\/strong>, which can bring long-term consequences to website owners.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Understanding the WordPress Hunk Companion Plugin<\/strong><\/h2>\n\n\n\n<p><strong>WordPress Hunk Companion Plugin<\/strong> was intended to boost the features of themes created by ThemeHunk. These themes are quite flexible and if you can install them, you are ready to roll, whether a small business, flying solo, or even a blogger. Though this plugin depends more on <strong>Hunk themes<\/strong>, it has become a handy tool for many <strong>WordPress users<\/strong>. At present, it is used on more than10,0000 sites. Even though it enjoys this level of popularity and is used on only about 7% of websites, it has not been immune to attackers seeking to capture any loophole that can be used to attack WordPress.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Details of the CVE-2024-11972 Vulnerability<\/strong><\/h2>\n\n\n\n<p>The <strong>critical CVE-2024-11972 vulnerability<\/strong> allows attackers to execute <strong>unauthenticated plugin installations<\/strong> using specially crafted POST requests. Hackers exploit this flaw to bypass administrative controls and directly install plugins with known security flaws. Discovered by WPScan researcher Daniel Rodriguez, this vulnerability impacts all versions of the <strong>WordPress Hunk Companion Plugin<\/strong> released before version 1.9.0. The latest version, which was released as a security update, addresses this critical issue and is strongly recommended for all users.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How the Security Flaw Is Being Exploited<\/strong><\/h2>\n\n\n\n<p><strong>Cybercriminals<\/strong> exploiting the<strong> Hunk Companion security flaw <\/strong>have been observed installing outdated plugins like <strong>WP Query Console<\/strong>. This precise plugin has such nasty outdated flaws that a hacker can easily gain code execution <strong>(RCE)<\/strong> and more. The <strong>critical CVE-2024-11972 vulnerability<\/strong> is exploited to upload two PHP scripts to the victim sites. AThesescripts can be useful for such purposes as stealing data, modifying the contents, exploiting the loopholes, and making a persistent wrench to perform attacks in the future. This problem is a clear indication that a call for action and measures should be taken by website owners as soon as possible.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Active Exploitation Observed in the Wild<\/strong><\/h2>\n\n\n\n<p>During their investigations, WPScan researchers documented active exploitation of the <strong>Hunk Companion security flaw<\/strong>. On an infected WordPress site, hackers installed risky plugins and placed malicious scripts in the root directory. These scripts enabled attackers to execute commands remotely, allowing continuous control over the compromised site. The presence of PHP droppers, which facilitate repeated unauthorized access, was particularly alarming. Similar techniques have used in other high-profile WordPress attacks, underscoring the sophistication of today\u2019s cyber threats.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>A History of Security Challenges<\/strong><\/h2>\n\n\n\n<p>The <strong>WordPress Hunk Companion Plugin<\/strong> has faced security issues in the past. An earlier vulnerability has found in version 1.8.5 and  termed as <strong>CVE-2024-9707<\/strong>. A patch made available, but later, the attackers able to circumvent it and again make the sites all exposed. These recurring vulnerabilities highlight the importance of robust security practices during plugin development. Developers must implement rigorous testing and frequent updates to mitigate risks and protect users.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Why Updating to Version 1.9.0 Is Crucial<\/strong><\/h2>\n\n\n\n<p>There are several things to note regarding the <strong>Hunk Companion security vulnerability<\/strong> To put it in context, the release of version 1.9.0 has given a new direction in dealing with the problem. The targeted plugins are reported to in continuous use, and users are encouraged to update them to prevent further abuse on their websites. <\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"572\" src=\"https:\/\/thetach.com\/wp-content\/uploads\/2024\/12\/unauthenticated-plugin-installation-1024x572.jpg\" alt=\"unauthenticated plugin installation\" class=\"wp-image-921\" srcset=\"https:\/\/thetach.com\/wp-content\/uploads\/2024\/12\/unauthenticated-plugin-installation-1024x572.jpg 1024w, https:\/\/thetach.com\/wp-content\/uploads\/2024\/12\/unauthenticated-plugin-installation-300x168.jpg 300w, https:\/\/thetach.com\/wp-content\/uploads\/2024\/12\/unauthenticated-plugin-installation-768x429.jpg 768w, https:\/\/thetach.com\/wp-content\/uploads\/2024\/12\/unauthenticated-plugin-installation.jpg 1111w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Source: <a href=\"https:\/\/www.darkreading.com\/\">darkreading.com<\/a><\/figcaption><\/figure><\/div>\n\n\n<p>However, the take-up of this release relatively subdued, with less than 20% of users having installed the update. This delay in rolling out updates experienced extensively amongst <strong>WordPress users<\/strong>. Many users fail to recognize the urgency of security updates, leaving their websites exposed to serious threats. Website owners must prioritize regular updates to maintain robust <strong>WordPress website security<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Practical Steps to Enhance Website Security<\/strong><\/h2>\n\n\n\n<p>To safeguard against similar vulnerabilities and improve overall <strong>WordPress website security<\/strong>, consider the following best practices: Do not allow yourself to exploited by failing to update all tools to the latest version. <strong>Use reputable security plugins<\/strong>: There is protection and <strong>monitoring software<\/strong> available on the market, such as Wordfence and Sucuri. <strong>Limit plugin usage<\/strong>: In this context, you should install only the plugins that get updates and updates frequently and that you need. Enable two-factor authentication (2FA): Place an additional security measure on the admin page login. <strong>Monitor website activity<\/strong>: Perform scheduled check-ups to look for modifications that made without one\u2019s knowledge, or abnormal behavior.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Consequences of Ignoring Security Flaws<\/strong><\/h2>\n\n\n\n<p>Failing to address vulnerabilities like the <strong>Hunk Companion security flaw<\/strong> can lead to severe consequences. These include <strong>Loss of sensitive data<\/strong>: Hackers can steal customer information or business records. <strong>Business disruption<\/strong>: Website downtime caused by attacks can result in lost revenue. <strong>Reputation damage<\/strong>: A hacked website erodes user trust and credibility. Legal implications: They pave the way to litigation or regulatory penalties. Such risks explain why one needs to take preventive measures to safeguard websites from other formidable threats.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Conclusion<\/strong><\/h2>\n\n\n\n<p>The attack on the <strong>WordPress Hunk Companion Plugin<\/strong> with the critical <strong>CVE-2024-11972<\/strong> vulnerability is a good example of how dangerous the situation with website security is. Website owners have to be proactive in their approach and constantly learn how to adapt the plugins they use or modify for appropriate security measures as well as keep abreast with any risks. The risks are high: over 8,000 websites remain exposed. Measures should taken before the attacker continues further with the exploitation. And before the site owner or administrator protected against subsequent attacks. It is up to both developers and users to pay more attention to security in the current world of technology.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>FAQs<\/strong><\/h2>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1734022888438\"><strong class=\"schema-faq-question\"><strong>What is the purpose of the WordPress Hunk Companion Plugin?<\/strong><\/strong> <p class=\"schema-faq-answer\">The plugin enhances Hunk themes, offering additional features and functionality.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1734022896075\"><strong class=\"schema-faq-question\"><strong>What makes CVE-2024-11972 a critical vulnerability?<\/strong><\/strong> <p class=\"schema-faq-answer\">This flaw allows unauthorized plugin installations via POST requests, compromising websites.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1734022911744\"><strong class=\"schema-faq-question\"><strong>How do hackers exploit outdated plugins like WP Query Console?<\/strong><\/strong> <p class=\"schema-faq-answer\">Hackers exploit known vulnerabilities in outdated plugins to execute malicious commands.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1734022925999\"><strong class=\"schema-faq-question\"><strong>What measures can improve WordPress website security?<\/strong><\/strong> <p class=\"schema-faq-answer\">Regular updates, security plugins, and two-factor authentication strengthen website defenses.<\/p> <\/div> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>The WordPress Hunk Companion Plugin has been recently targeted by cyber attackers who used a critical hole to upload insecure versions of plugins secretly. This paragon of security breach has raised eyebrows within WordPressers since it opens websites to high risks. Hackers have abused this vulnerability to inject, for example, plugins beyond those recognized properly &#8230; <a title=\"WordPress Hunk Companion Plugin Exploited to Stealthily Install Risky Plugins\" class=\"read-more\" href=\"https:\/\/thetach.com\/?p=919\" aria-label=\"Read more about WordPress Hunk Companion Plugin Exploited to Stealthily Install Risky Plugins\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":920,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[361,360,362],"class_list":["post-919","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hacking-tips-and-tricks","tag-unauthenticated-plugin-installation","tag-wordpress-hunk-companion-plugin","tag-wordpress-website-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>WordPress Hunk Companion Plugin Exploited to Risky Plugins<\/title>\n<meta name=\"description\" content=\"A critical vulnerability in WordPress Hunk Companion Plugin allows hackers to install risky plugins, compromising website security.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/thetach.com\/?p=919\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WordPress Hunk Companion Plugin Exploited to Risky Plugins\" \/>\n<meta property=\"og:description\" content=\"A critical vulnerability in WordPress Hunk Companion Plugin allows hackers to install risky plugins, compromising website security.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/thetach.com\/?p=919\" \/>\n<meta property=\"og:site_name\" content=\"The Tach\" \/>\n<meta property=\"article:published_time\" content=\"2024-12-12T17:06:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-12T17:06:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/thetach.com\/wp-content\/uploads\/2024\/12\/WordPress-Hunk-Companion-Plugin.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"700\" \/>\n\t<meta property=\"og:image:height\" content=\"377\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"burhan\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"burhan\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\/\/thetach.com\/?p=919\",\"url\":\"https:\/\/thetach.com\/?p=919\",\"name\":\"WordPress Hunk Companion Plugin Exploited to Risky Plugins\",\"isPartOf\":{\"@id\":\"https:\/\/thetach.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/thetach.com\/?p=919#primaryimage\"},\"image\":{\"@id\":\"https:\/\/thetach.com\/?p=919#primaryimage\"},\"thumbnailUrl\":\"https:\/\/thetach.com\/wp-content\/uploads\/2024\/12\/WordPress-Hunk-Companion-Plugin.jpg\",\"datePublished\":\"2024-12-12T17:06:58+00:00\",\"dateModified\":\"2024-12-12T17:06:59+00:00\",\"author\":{\"@id\":\"https:\/\/thetach.com\/#\/schema\/person\/6d6cb82cade4630d79ecea8e44584e24\"},\"description\":\"A critical vulnerability in WordPress Hunk Companion Plugin allows hackers to install risky plugins, compromising website security.\",\"breadcrumb\":{\"@id\":\"https:\/\/thetach.com\/?p=919#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\/\/thetach.com\/?p=919#faq-question-1734022888438\"},{\"@id\":\"https:\/\/thetach.com\/?p=919#faq-question-1734022896075\"},{\"@id\":\"https:\/\/thetach.com\/?p=919#faq-question-1734022911744\"},{\"@id\":\"https:\/\/thetach.com\/?p=919#faq-question-1734022925999\"}],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/thetach.com\/?p=919\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/thetach.com\/?p=919#primaryimage\",\"url\":\"https:\/\/thetach.com\/wp-content\/uploads\/2024\/12\/WordPress-Hunk-Companion-Plugin.jpg\",\"contentUrl\":\"https:\/\/thetach.com\/wp-content\/uploads\/2024\/12\/WordPress-Hunk-Companion-Plugin.jpg\",\"width\":700,\"height\":377,\"caption\":\"WordPress Hunk Companion Plugin\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/thetach.com\/?p=919#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/thetach.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WordPress Hunk Companion Plugin Exploited to Stealthily Install Risky Plugins\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/thetach.com\/#website\",\"url\":\"https:\/\/thetach.com\/\",\"name\":\"The Tach\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/thetach.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/thetach.com\/#\/schema\/person\/6d6cb82cade4630d79ecea8e44584e24\",\"name\":\"burhan\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/thetach.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/97ceb1b65cf3f734d7ae9f33b317bd9c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/97ceb1b65cf3f734d7ae9f33b317bd9c?s=96&d=mm&r=g\",\"caption\":\"burhan\"},\"sameAs\":[\"https:\/\/thetach.com\"],\"url\":\"https:\/\/thetach.com\/?author=1\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/thetach.com\/?p=919#faq-question-1734022888438\",\"position\":1,\"url\":\"https:\/\/thetach.com\/?p=919#faq-question-1734022888438\",\"name\":\"What is the purpose of the WordPress Hunk Companion Plugin?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The plugin enhances Hunk themes, offering additional features and functionality.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/thetach.com\/?p=919#faq-question-1734022896075\",\"position\":2,\"url\":\"https:\/\/thetach.com\/?p=919#faq-question-1734022896075\",\"name\":\"What makes CVE-2024-11972 a critical vulnerability?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"This flaw allows unauthorized plugin installations via POST requests, compromising websites.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/thetach.com\/?p=919#faq-question-1734022911744\",\"position\":3,\"url\":\"https:\/\/thetach.com\/?p=919#faq-question-1734022911744\",\"name\":\"How do hackers exploit outdated plugins like WP Query Console?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Hackers exploit known vulnerabilities in outdated plugins to execute malicious commands.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/thetach.com\/?p=919#faq-question-1734022925999\",\"position\":4,\"url\":\"https:\/\/thetach.com\/?p=919#faq-question-1734022925999\",\"name\":\"What measures can improve WordPress website security?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Regular updates, security plugins, and two-factor authentication strengthen website defenses.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"WordPress Hunk Companion Plugin Exploited to Risky Plugins","description":"A critical vulnerability in WordPress Hunk Companion Plugin allows hackers to install risky plugins, compromising website security.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/thetach.com\/?p=919","og_locale":"en_US","og_type":"article","og_title":"WordPress Hunk Companion Plugin Exploited to Risky Plugins","og_description":"A critical vulnerability in WordPress Hunk Companion Plugin allows hackers to install risky plugins, compromising website security.","og_url":"https:\/\/thetach.com\/?p=919","og_site_name":"The Tach","article_published_time":"2024-12-12T17:06:58+00:00","article_modified_time":"2024-12-12T17:06:59+00:00","og_image":[{"width":700,"height":377,"url":"https:\/\/thetach.com\/wp-content\/uploads\/2024\/12\/WordPress-Hunk-Companion-Plugin.jpg","type":"image\/jpeg"}],"author":"burhan","twitter_card":"summary_large_image","twitter_misc":{"Written by":"burhan","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["WebPage","FAQPage"],"@id":"https:\/\/thetach.com\/?p=919","url":"https:\/\/thetach.com\/?p=919","name":"WordPress Hunk Companion Plugin Exploited to Risky Plugins","isPartOf":{"@id":"https:\/\/thetach.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/thetach.com\/?p=919#primaryimage"},"image":{"@id":"https:\/\/thetach.com\/?p=919#primaryimage"},"thumbnailUrl":"https:\/\/thetach.com\/wp-content\/uploads\/2024\/12\/WordPress-Hunk-Companion-Plugin.jpg","datePublished":"2024-12-12T17:06:58+00:00","dateModified":"2024-12-12T17:06:59+00:00","author":{"@id":"https:\/\/thetach.com\/#\/schema\/person\/6d6cb82cade4630d79ecea8e44584e24"},"description":"A critical vulnerability in WordPress Hunk Companion Plugin allows hackers to install risky plugins, compromising website security.","breadcrumb":{"@id":"https:\/\/thetach.com\/?p=919#breadcrumb"},"mainEntity":[{"@id":"https:\/\/thetach.com\/?p=919#faq-question-1734022888438"},{"@id":"https:\/\/thetach.com\/?p=919#faq-question-1734022896075"},{"@id":"https:\/\/thetach.com\/?p=919#faq-question-1734022911744"},{"@id":"https:\/\/thetach.com\/?p=919#faq-question-1734022925999"}],"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/thetach.com\/?p=919"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/thetach.com\/?p=919#primaryimage","url":"https:\/\/thetach.com\/wp-content\/uploads\/2024\/12\/WordPress-Hunk-Companion-Plugin.jpg","contentUrl":"https:\/\/thetach.com\/wp-content\/uploads\/2024\/12\/WordPress-Hunk-Companion-Plugin.jpg","width":700,"height":377,"caption":"WordPress Hunk Companion Plugin"},{"@type":"BreadcrumbList","@id":"https:\/\/thetach.com\/?p=919#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/thetach.com\/"},{"@type":"ListItem","position":2,"name":"WordPress Hunk Companion Plugin Exploited to Stealthily Install Risky Plugins"}]},{"@type":"WebSite","@id":"https:\/\/thetach.com\/#website","url":"https:\/\/thetach.com\/","name":"The Tach","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/thetach.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/thetach.com\/#\/schema\/person\/6d6cb82cade4630d79ecea8e44584e24","name":"burhan","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/thetach.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/97ceb1b65cf3f734d7ae9f33b317bd9c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/97ceb1b65cf3f734d7ae9f33b317bd9c?s=96&d=mm&r=g","caption":"burhan"},"sameAs":["https:\/\/thetach.com"],"url":"https:\/\/thetach.com\/?author=1"},{"@type":"Question","@id":"https:\/\/thetach.com\/?p=919#faq-question-1734022888438","position":1,"url":"https:\/\/thetach.com\/?p=919#faq-question-1734022888438","name":"What is the purpose of the WordPress Hunk Companion Plugin?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"The plugin enhances Hunk themes, offering additional features and functionality.","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/thetach.com\/?p=919#faq-question-1734022896075","position":2,"url":"https:\/\/thetach.com\/?p=919#faq-question-1734022896075","name":"What makes CVE-2024-11972 a critical vulnerability?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"This flaw allows unauthorized plugin installations via POST requests, compromising websites.","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/thetach.com\/?p=919#faq-question-1734022911744","position":3,"url":"https:\/\/thetach.com\/?p=919#faq-question-1734022911744","name":"How do hackers exploit outdated plugins like WP Query Console?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Hackers exploit known vulnerabilities in outdated plugins to execute malicious commands.","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/thetach.com\/?p=919#faq-question-1734022925999","position":4,"url":"https:\/\/thetach.com\/?p=919#faq-question-1734022925999","name":"What measures can improve WordPress website security?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Regular updates, security plugins, and two-factor authentication strengthen website defenses.","inLanguage":"en-US"},"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/thetach.com\/index.php?rest_route=\/wp\/v2\/posts\/919","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thetach.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thetach.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thetach.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thetach.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=919"}],"version-history":[{"count":1,"href":"https:\/\/thetach.com\/index.php?rest_route=\/wp\/v2\/posts\/919\/revisions"}],"predecessor-version":[{"id":922,"href":"https:\/\/thetach.com\/index.php?rest_route=\/wp\/v2\/posts\/919\/revisions\/922"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thetach.com\/index.php?rest_route=\/wp\/v2\/media\/920"}],"wp:attachment":[{"href":"https:\/\/thetach.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=919"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thetach.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=919"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thetach.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=919"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}