13 matches found
Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation
The plugin does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary plugins from the WordPress.org repo, including vulnerable plugins that have been closed. id: CVE-2024-11972 info: name: Hunk Companion 1.9.0 - Unauthenticated Plugi...
CVE-2024-11972
The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...
Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation
Exploit Title: Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation Date: 16 December, 2024 Exploit Author: Jun Takemura Author's GitHub: https://github.com/JunTakemura Author's Blog: juntakemura.dev Vendor Homepage: https://themehunk.com Software Link:...
Exploit for CVE-2024-11972
CVE-2024-11972-PoC Hunk Companion 1.9.0 - Unauthenticated...
Exploit for CVE-2024-11972
Description Name : CVE-2024-11972 CVSSv3 Score : 9...
About Authentication Bypass – Hunk Companion WordPress plugin (CVE-2024-11972) vulnerability
About Authentication Bypass - Hunk Companion WordPress plugin CVE-2024-11972 vulnerability. ThemeHunk company develops commercial themes for WordPress CMS. And the Hunk Companion plugin is designed to complement and enhance the functionality of these themes. The plugin has over 10,000...
CVE-2024-11972
The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...
CVE-2024-11972
CVE-2024-11972 affects the Hunk Companion WordPress plugin prior to 1.9.0. The flaw is improper authorization of REST API endpoints (notably the /wp-json/hc/v1/themehunk-import endpoint), allowing unauthenticated requests to install and activate arbitrary plugins from the WordPress.org repo, incl...
CVE-2024-11972 Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation
The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...
CVE-2024-11972 Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation
The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...
Exploit for CVE-2024-11972
-- Hunk Companion Plugin A PoC exploit for CVE-2024-1...
WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins
Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 CVSS score: 9.8, affects all versions of the plugin prior to 1.9.0. The...
CVE-2024-11972
creationtimestamp| type| source ---|---|--- 2024-12-12 08:18:00+00:00| seen| https://thehackernews.com/2024/12/wordpress-hunk-companion-plugin-flaw.html 2024-12-12 10:21:49+00:00| exploited| https://t.me/thehackernews/6031 2024-12-12 14:52:32+00:00| published-proof-of-concept|...