On September 25th, 2024, and on October 3rd, 2024, we received submissions for Arbitrary Plugin Installation vulnerabilities in the GutenKit and Hunk Companion WordPress plugins, which have over 40,000 and 8,000 active installations, respectively.

These vulnerabilities make it possible for unauthenticated threat actors to install and activate arbitrary plugins, which can be leveraged to achieve remote code execution.

Our records indicate that attackers began mass-exploiting these issues again on October 8th, 2025 (approximately one year later), following several earlier incidents of large-scale exploitation.

We urge users to update their sites to at least GutenKit version 2.1.1 and Hunk Companion version 1.9.0 as soon as possible, if they have not already done so.

Source: Wordfence



Friday, October 24, 2025




