Hackers have found a way to install old, outdated, and vulnerable plugins on WordPress websites, directly from the WordPress plugin repository.
The vulnerability was found in Hunk Companion, a plugin used by over 10,000 websites; it allows crooks to install other plugins with known vulnerabilities.
A threat actor abused the bug to install a vulnerable version of WP Query Console, enabling remote code execution on target sites.
The bug has been patched in Hunk Companion version 1.9.0, but roughly 8,800 sites are still vulnerable.