Two days ago, a news story about WordPress websites being hacked was published titled “Hunk Companion WordPress plugin exploited to install vulnerable plugins.” The last part of that is important, but was largely ignored in the story. With the only mention saying that “While investigating a WordPress site infection, WPScan discovered active exploitation of CVE-2024-11972 to install a vulnerable version of WP Query Console.” That plugin was closed on the WordPress Plugin Directory on October 21.
↧
