Lucene search
K

13 matches found

Nuclei
Nuclei
added 2 days ago25 views

Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation

The plugin does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary plugins from the WordPress.org repo, including vulnerable plugins that have been closed. id: CVE-2024-11972 info: name: Hunk Companion 1.9.0 - Unauthenticated Plugi...

9.8CVSS7.2AI score0.54754EPSS
Exploits5References4
RedhatCVE
RedhatCVE
added 2025/05/23 6:55 a.m.12 views

CVE-2024-11972

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...

9.8CVSS7.2AI score0.54754EPSS
Exploits5References1
Exploit DB
Exploit DB
added 2025/04/18 12:0 a.m.272 views

Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation

Exploit Title: Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation Date: 16 December, 2024 Exploit Author: Jun Takemura Author's GitHub: https://github.com/JunTakemura Author's Blog: juntakemura.dev Vendor Homepage: https://themehunk.com Software Link:...

9.8CVSS7.4AI score0.54754EPSS
Exploits5
GithubExploit
GithubExploit
added 2025/01/29 9:17 p.m.466 views

Exploit for CVE-2024-11972

CVE-2024-11972-PoC Hunk Companion 1.9.0 - Unauthenticated...

9.8CVSS9.8AI score0.54754EPSS
Exploits5
GithubExploit
GithubExploit
added 2025/01/13 3:44 p.m.213 views

Exploit for CVE-2024-11972

Description Name : CVE-2024-11972 CVSSv3 Score : 9...

9.8CVSS10AI score0.54754EPSS
Exploits5
Information Security Automation
Information Security Automation
added 2025/01/11 12:41 p.m.28 views

About Authentication Bypass – Hunk Companion WordPress plugin (CVE-2024-11972) vulnerability

About Authentication Bypass - Hunk Companion WordPress plugin CVE-2024-11972 vulnerability. ThemeHunk company develops commercial themes for WordPress CMS. And the Hunk Companion plugin is designed to complement and enhance the functionality of these themes. The plugin has over 10,000...

10CVSS7.4AI score0.54754EPSS
Exploits9
NVD
NVD
added 2024/12/31 6:15 a.m.38 views

CVE-2024-11972

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...

9.8CVSS0.54754EPSS
Exploits5References1
CVE
CVE
added 2024/12/31 6:0 a.m.177 views

CVE-2024-11972

CVE-2024-11972 affects the Hunk Companion WordPress plugin prior to 1.9.0. The flaw is improper authorization of REST API endpoints (notably the /wp-json/hc/v1/themehunk-import endpoint), allowing unauthenticated requests to install and activate arbitrary plugins from the WordPress.org repo, incl...

9.8CVSS6.8AI score0.54754EPSS
Exploits5References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/31 6:0 a.m.20 views

CVE-2024-11972 Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...

7.1AI score0.54754EPSS
Exploits5References1
Cvelist
Cvelist
added 2024/12/31 6:0 a.m.40 views

CVE-2024-11972 Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...

0.54754EPSS
Exploits5References1
GithubExploit
GithubExploit
added 2024/12/15 11:54 p.m.644 views

Exploit for CVE-2024-11972

-- Hunk Companion Plugin A PoC exploit for CVE-2024-1...

9.8CVSS9.7AI score0.54754EPSS
Exploits5
The Hacker News
The Hacker News
added 2024/12/12 9:18 a.m.21 views

WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 CVSS score: 9.8, affects all versions of the plugin prior to 1.9.0. The...

10CVSS9.6AI score0.54754EPSS
Exploits11
Circl
Circl
added 2024/12/12 8:18 a.m.20 views

CVE-2024-11972

creationtimestamp| type| source ---|---|--- 2024-12-12 08:18:00+00:00| seen| https://thehackernews.com/2024/12/wordpress-hunk-companion-plugin-flaw.html 2024-12-12 10:21:49+00:00| exploited| https://t.me/thehackernews/6031 2024-12-12 14:52:32+00:00| published-proof-of-concept|...

9.8CVSS7.5AI score0.54754EPSS
Exploits5References26
Rows per page
Query Builder